On Wed, Apr 12, 2006 at 07:52:34PM +0200, Florian Weimer wrote: > * Steve Langasek:
> > FWIW, I'm not convinced this bug warrants grave severity anyway; unless the > > crasher bug allows arbitrary code execution as well, it doesn't seem like > > this is really a big issue given that the radius clients shouldn't normally > > be under the control of an attacker? > Nowadays, RADIUS is performed across administrative boundaries. 8-/ > (And in a service provider environment, attacks on availability are > often as significant as attacks on integrity or confidentiality.) Ok. In any case, the current freeradius package has reached testing now, so the mysql transition no longer blocks this fix. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature
