SecurityTracker Alert ID 1017463

Alan DeKok aland at freeradius.org
Sun Feb 11 08:32:27 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SecurityTracker wrote:
> Thanks for notifying us of this.  My apologies for the excessive delay
> in getting this posting corrected.  We've just updated the Alert on our
> site to indicate that you dispute that there is a security impact.  As
> part of our standard dispute resolution process, we have sent e-mail to
> the original poster (Michal Bucko (sapheal)) just to see if he has any
> other information to indicate security threat exists.

  Thanks.  He hasn't responded to our queries.  Maybe you'll have better
luck.

> The characterization as a remote issue was clearly an error on our part.

  OK.  I was curious as to where it had come from.

> BTW, the CVE entry does not yet reflect your position on the dispute, so
> you may want to contact CVE (cve at mitre.org).  It does allude to 3APA3A's
> Bugtraq message questioning the claim.  But CVE usually has a way of
> more clearly indicating a vendor dispute.  This is what they say right now:

  I've been in touch with CVE.  The statement should be updated in a few
days.

  Alan DeKok
  Project Leader
  The FreeRADIUS Server Project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBRc7Gi6kul4vkAkl9AQLSlAP/awlC8kjl8LOKw/dfxFQ93ukEDFCQN8mZ
6EeVdcK4rB6bGk/5FhtAfdudBDqQX8kmFj61tAorLsPRxHCUed9X+gdHZ/MEG2r+
md5IvwLsTO96bFVqmeOWfPTNFKEyuhFvw/G4p+kxPhXPAc1gcb1Vr29moAdUy+Ej
CpLUh7s5S2E=
=1Xee
-----END PGP SIGNATURE-----



More information about the Freeradius-Devel mailing list