From d253cf86d79b024ff68378e146775aa6975b887a Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Mon, 17 Jul 2017 08:43:00 -0400 Subject: [PATCH] note recent changes --- doc/ChangeLog | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 62f2615..c42aace 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,4 +1,4 @@ -FreeRADIUS 3.0.15 Fri 26 May 2017 13:00:00 EDT urgency=medium +FreeRADIUS 3.0.15 Mon 17 Jul 2017 09:00:00 EDT urgency=high Feature improvements * Provide HOSTNAME in default systemd files. * Incorporate RedHat specific files @@ -11,19 +11,25 @@ FreeRADIUS 3.0.15 Fri 26 May 2017 13:00:00 EDT urgency=medium * Pass correct statement length into sqlite3_prepare[_v2] * Bind the lifetime of program name and python path to the module * Check input / output length in make_secret(). - CVE-2017-10978. + FR-GV-201 * Fix read overflow when decoding DHCP option 63 - CVE-2017-10983. + FR-GV-206 * Fix write overflow in data2vp_wimax() - CVE-2017-10984. + FR-GV-301 * Fix infinite loop and memory exhaustion with 'concat' attributes - CVE-2017-10985 + FR-GV-302 * Fix infinite read in dhcp_attr2vp() - CVE-2017-10986. + FR-GV-303 * Fix buffer over-read in fr_dhcp_decode_suboptions() - CVE-2017-10987. - * use strncmp() instead of memcmp() for bounded data + FR-GV-304 * Decode 'signed' attributes correctly. + FR-GV-305 + * use strncmp() instead of memcmp() for bounded data + FR-AD-001 + * Bind the lifetime of program name and python path to the module + FR-AD-002 + * Pass correct statement length into sqlite3_prepare[_v2] + FR-AD-003 * print messages when we see deprecated configuration items * show reasons why we couldn't parse a certificate @@ -42,6 +48,7 @@ FreeRADIUS 3.0.15 Fri 26 May 2017 13:00:00 EDT urgency=medium * run rad_authlog after post-auth for Access-Reject. * Don't process VMPS packets twice. * Fix attribute truncation in rlm_perl + * Fix bug when processing huntgroups. FreeRADIUS 3.0.14 Fri 26 May 2017 13:00:00 EDT urgency=medium Feature improvements -- 2.1.4