Version in base suite: 2.1-9 Base version: openvpn-auth-radius_2.1-9 Target version: openvpn-auth-radius_2.1-9+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openvpn-auth-radius/openvpn-auth-radius_2.1-9.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openvpn-auth-radius/openvpn-auth-radius_2.1-9+deb13u1.dsc changelog | 7 +++++++ patches/0008-authenticate-fix | 21 +++++++++++++++++++++ patches/series | 1 + 3 files changed, 29 insertions(+) diff -Nru openvpn-auth-radius-2.1/debian/changelog openvpn-auth-radius-2.1/debian/changelog --- openvpn-auth-radius-2.1/debian/changelog 2024-10-20 15:28:08.000000000 +0000 +++ openvpn-auth-radius-2.1/debian/changelog 2025-10-26 17:28:22.000000000 +0000 @@ -1,3 +1,10 @@ +openvpn-auth-radius (2.1-9+deb13u1) trixie; urgency=medium + + * patches/0008-authenticate-fix: Fix packet authentication + (Closes: Bug#1118479) + + -- Samuel Thibault Sun, 26 Oct 2025 18:28:22 +0100 + openvpn-auth-radius (2.1-9) unstable; urgency=medium * QA upload. diff -Nru openvpn-auth-radius-2.1/debian/patches/0008-authenticate-fix openvpn-auth-radius-2.1/debian/patches/0008-authenticate-fix --- openvpn-auth-radius-2.1/debian/patches/0008-authenticate-fix 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-auth-radius-2.1/debian/patches/0008-authenticate-fix 2025-10-20 22:11:25.000000000 +0000 
@@ -0,0 +1,21 @@ +Description: Fix RADIUS Packet Authentication use-after-free + The BLASTRadius vulnerability mitigation introduced a use-after-free + in the RadiusPacket::authenticateReceivedPacket method. + This fix prevents use-after-free by assigning the string to a + variable before relying on the c_str result. +Author: Martin Rampersad +Last-Update: 2025-10-20 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/RadiusClass/RadiusPacket.cpp ++++ b/RadiusClass/RadiusPacket.cpp +@@ -706,7 +706,8 @@ + + int RadiusPacket::authenticateReceivedPacket(RadiusServer *server) + { +- const char *secret = server->getSharedSecret().c_str(); ++ string secretString = server->getSharedSecret(); ++ const char *secret = secretString.c_str(); + gcry_md_hd_t context; + int res; + diff -Nru openvpn-auth-radius-2.1/debian/patches/series openvpn-auth-radius-2.1/debian/patches/series --- openvpn-auth-radius-2.1/debian/patches/series 2024-10-20 15:27:15.000000000 +0000 +++ openvpn-auth-radius-2.1/debian/patches/series 2025-10-20 22:11:25.000000000 +0000 @@ -5,3 +5,4 @@ 40_use_cppflags.diff 0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch 0007-RadiusBLAST +0008-authenticate-fix
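Review bot: the hunk in RadiusClass/RadiusPacket.cpp is the correct fix only if `getSharedSecret()` returns a `std::string` by value, which the DEP-3 description implies: in the removed line `const char *secret = server->getSharedSecret().c_str();` the returned temporary is destroyed at the end of the full expression, so `secret` dangles before `gcry_md_*` ever reads it, and the added `string secretString = server->getSharedSecret();` keeps the buffer alive for the rest of the function. Two things are worth adding before this goes into trixie: the DEP-3 header should carry `Bug-Debian: https://bugs.debian.org/1118479` (the bug is only named in the changelog) and, since the description says the dangling pointer was introduced by the BLASTRadius mitigation, name `0007-RadiusBLAST` in the header so the relationship between the two patches is recorded; and the same `getSharedSecret().c_str()` pattern should be checked for elsewhere in the code touched by 0007 (the packet-construction path that computes the Message-Authenticator is the obvious candidate), because this hunk fixes only the receive side.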
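Review bot: the changelog entry `* patches/0008-authenticate-fix: Fix packet authentication` understates a memory-safety fix in a stable update; reviewers and users reading the trixie changelog will not learn that this repairs a use-after-free regression introduced by the earlier BLASTRadius patch. Suggest wording it as "Fix use-after-free in RadiusPacket::authenticateReceivedPacket introduced by 0007-RadiusBLAST (Closes: Bug#1118479)" so the entry matches the DEP-3 description in the new patch file.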