SecurityTracker Alert ID 1017463
aland at freeradius.org
Sun Feb 11 08:32:27 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
> Thanks for notifying us of this. My apologies for the excessive delay
> in getting this posting corrected. We've just updated the Alert on our
> site to indicate that you dispute that there is a security impact. As
> part of our standard dispute resolution process, we have sent e-mail to
> the original poster (Michal Bucko (sapheal)) just to see if he has any
> other information to indicate security threat exists.
Thanks. He hasn't responded to our queries. Maybe you'll have better
> The characterization as a remote issue was clearly an error on our part.
OK. I was curious as to where it had come from.
> BTW, the CVE entry does not yet reflect your position on the dispute, so
> you may want to contact CVE (cve at mitre.org). It does allude to 3APA3A's
> Bugtraq message questioning the claim. But CVE usually has a way of
> more clearly indicating a vendor dispute. This is what they say right now:
I've been in touch with CVE. The statement should be updated in a few
The FreeRADIUS Server Project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Freeradius-Devel