SecurityTracker Alert ID 1017463
Alan DeKok
aland at freeradius.org
Sun Feb 11 08:32:27 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SecurityTracker wrote:
> Thanks for notifying us of this. My apologies for the excessive delay
> in getting this posting corrected. We've just updated the Alert on our
> site to indicate that you dispute that there is a security impact. As
> part of our standard dispute resolution process, we have sent e-mail to
> the original poster (Michal Bucko (sapheal)) just to see if he has any
> other information to indicate security threat exists.
Thanks. He hasn't responded to our queries. Maybe you'll have better
luck.
> The characterization as a remote issue was clearly an error on our part.
OK. I was curious as to where it had come from.
> BTW, the CVE entry does not yet reflect your position on the dispute, so
> you may want to contact CVE (cve at mitre.org). It does allude to 3APA3A's
> Bugtraq message questioning the claim. But CVE usually has a way of
> more clearly indicating a vendor dispute. This is what they say right now:
I've been in touch with CVE. The statement should be updated in a few
days.
Alan DeKok
Project Leader
The FreeRADIUS Server Project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQCVAwUBRc7Gi6kul4vkAkl9AQLSlAP/awlC8kjl8LOKw/dfxFQ93ukEDFCQN8mZ
6EeVdcK4rB6bGk/5FhtAfdudBDqQX8kmFj61tAorLsPRxHCUed9X+gdHZ/MEG2r+
md5IvwLsTO96bFVqmeOWfPTNFKEyuhFvw/G4p+kxPhXPAc1gcb1Vr29moAdUy+Ej
CpLUh7s5S2E=
=1Xee
-----END PGP SIGNATURE-----
More information about the Freeradius-Devel
mailing list