Your message dated Sun, 28 Aug 2022 10:47:29 +0000
with message-id <e1osfpb-00fjsg...@fasolo.debian.org>
and subject line Bug#992036: fixed in freeradius 3.0.17+dfsg-1.1+deb10u1
has caused the Debian Bug report #992036,
regarding freeradius 3.0.x crashes with "attempting double-free"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
992036: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992036
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:freeradius
Version: 3.0.17+dfsg-1
Severity: important
Tags: patch
At $dayjob we tried migrating our central radius proxy from FreeRADIUS 2.x to
FreeRADIUS 3.x and have experienced several crashes under high load.
A colleague worked closely together with upstream in
https://github.com/FreeRADIUS/freeradius-server/issues/3188 and it looks like
there is a two-line patch (already committed) that is fixing these crashes.
This bug is open for tracking, we are going to test whether 3.0.21+patch works
as well. In this case it might be included in a future stable update.
--- End Message ---
--- Begin Message ---
Source: freeradius
Source-Version: 3.0.17+dfsg-1.1+deb10u1
Done: Adrian Bunk <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
freeradius, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 992...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated freeradius package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 27 Aug 2022 22:29:38 +0300
Source: freeradius
Architecture: source
Version: 3.0.17+dfsg-1.1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian FreeRADIUS Packaging Team
<pkg-freeradius-maintain...@lists.alioth.debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 992036
Changes:
freeradius (3.0.17+dfsg-1.1+deb10u1) buster; urgency=medium
.
* Non-maintainer upload.
* CVE-2019-13456: side-channel leak where 1 in 2048 handshakes fail
* CVE-2019-17185: DoS due to multithreaded BN_CTX access
* Add upstream fix for a crash bug. (Closes: #992036)
Checksums-Sha1:
fdb1b56ce2e6ea04ac8460f685dbae20079ea984 3825
freeradius_3.0.17+dfsg-1.1+deb10u1.dsc
31a58066f75acb0d516368c24e33b0f7c3609df3 66064
freeradius_3.0.17+dfsg-1.1+deb10u1.debian.tar.xz
Checksums-Sha256:
3b3a157633db2ad3c80bced140c029d5f62558e7c6c8ef0910bfba41240a27a6 3825
freeradius_3.0.17+dfsg-1.1+deb10u1.dsc
ea84812735f583680b74bc25978ba3d45fdef9a62cef6c94b43dd7ef3fadf5a6 66064
freeradius_3.0.17+dfsg-1.1+deb10u1.debian.tar.xz
Files:
fa78f82b70fd0a87845afc59e0175a81 3825 net optional
freeradius_3.0.17+dfsg-1.1+deb10u1.dsc
86111c33f47c50013f7ca842b4e0b609 66064 net optional
freeradius_3.0.17+dfsg-1.1+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmMKc+4ACgkQiNJCh6LY
mLG4bA//WhfL4LjpebrIW6ti+UwbKfQAU+F/K/w8rJ4BY0pqPmHJX+dv6IuLG5hw
uAfNbaf7dQp0b3/ofL70I+5F/d9VETZ/ANOUQJlZreEgVOu7FRR0j9S8vdgs7wRK
nR0i7u/OhdbmzMC9MJqEJKAVo5aTAVwQI9kKAI+KXpIJmyHjOSS/wEZP5qSJ99NP
yHw9b2l68Ba62jakl7QXesbbDcvv6waqCF+UIDpOQLARKUONBmeMYhxpWot1/rak
reSTIHonkQVQ9fUcC0y+9pKIerpGCQ/BaatqcOgjab2dXD4euJYOCGOg1ypLm+R9
JBe2WeCbyu8hy/iIIKo3+qQsXl9osD7l4CbSruDqt+gL3RqBRHwOKFQRUJCDSgr4
7QSlsA45Vdf+eqCGEji1RH3jj2+ERu3UMEnvPbJ65o2jKgNTQE4EFfhmAlDJ3NGL
RzEcmGNj3yuG4aAa+3hhRaWxB/ZRmtUcDAFQxEr4k4P8OSCm71H9GNMmZwtBc3OU
khP7Sr9M9xm/mIyHuEiOEy7ad/zv+DiXHBIATcblc0YrDfEptlFcfu6arfMo1MB7
v1NLvy20MIuHLkuSc3Sf2cYDHSf1UWedYxgZWpgUTul5khfxZ2f0IklLPOPjvREw
Lg3wzFlDKFqRGfhGRtfiBi2RuM4cX9kL4cKRBXw7eYmf2WGJIdI=
=lm+K
-----END PGP SIGNATURE-----
pgpZxMd1WKBVm.pgp
Description: PGP signature
--- End Message ---
