CVE-2011-2701 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2701): The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
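The advisory above describes the classic fail-open mistake in revocation checking: a reply that cannot be parsed, or that carries anything other than an affirmative "good", must be treated as a rejection. The following is an added illustration of that fail-closed rule, not code from FreeRADIUS or its rlm_eap_tls.c; the OcspReply shape, the two evaluation functions and the sample replies are assumptions made here so the check runs offline, and the freshness rules are modelled on the documented behaviour of OpenSSL's OCSP_check_validity().

```python
"""Fail-closed handling of an OCSP responder reply.

Added illustration, not code from FreeRADIUS or its rlm_eap_tls.c; the
OcspReply shape and the two evaluation functions are assumptions made
here so the check can run offline.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Status names follow RFC 6960 (OCSPResponseStatus / CertStatus).
RESPONSE_SUCCESSFUL = "successful"
CERT_GOOD, CERT_REVOKED, CERT_UNKNOWN = "good", "revoked", "unknown"


@dataclass
class OcspReply:
    """The fields a caller pulls out of a decoded OCSP response (assumed shape)."""
    response_status: str                 # "successful", "malformedRequest", "tryLater", ...
    signature_valid: bool                # did the responder signature verify against a trusted key
    cert_status: Optional[str] = None    # "good" / "revoked" / "unknown"; None if it could not be read
    this_update: Optional[datetime] = None
    next_update: Optional[datetime] = None


def validity_ok(this_update, next_update, now,
                skew=timedelta(seconds=300), maxage=timedelta(days=1)):
    """Freshness rules modelled on the documented behaviour of OpenSSL's
    OCSP_check_validity(): thisUpdate may not lie more than `skew` in the
    future, nextUpdate (if present) may not lie more than `skew` in the past
    and must not precede thisUpdate, and without nextUpdate the status may be
    at most `maxage` old."""
    if this_update is None:
        return False
    if this_update > now + skew:
        return False
    if next_update is not None:
        if next_update < now - skew:
            return False
        if this_update > next_update:
            return False
    elif this_update + maxage < now:
        return False
    return True


def ocsp_accepts(reply: OcspReply, now: datetime) -> bool:
    """Fail closed: accept only when every check passes affirmatively."""
    if reply.response_status != RESPONSE_SUCCESSFUL:
        return False      # responder error or tryLater is not evidence of "good"
    if not reply.signature_valid:
        return False      # an unverified answer is no answer
    if not validity_ok(reply.this_update, reply.next_update, now):
        return False      # stale or future-dated status
    return reply.cert_status == CERT_GOOD   # revoked, unknown and unreadable all reject


def accept_unless_revoked(reply: OcspReply) -> bool:
    """The failure class the CVE describes, in generic form (not the FreeRADIUS
    code): only an explicit, successfully parsed "revoked" rejects, so an
    unparseable or error reply is waved through."""
    return reply.cert_status != CERT_REVOKED


# Constructed sample replies (not captured traffic).
NOW = datetime(2011, 7, 1, 12, 0, tzinfo=timezone.utc)
GOOD = OcspReply("successful", True, CERT_GOOD,
                 NOW - timedelta(hours=1), NOW + timedelta(days=1))
REVOKED = OcspReply("successful", True, CERT_REVOKED,
                    NOW - timedelta(hours=1), NOW + timedelta(days=1))
# A reply whose certificate status could not be parsed at all
UNPARSED = OcspReply("successful", True, None, None, None)
# Responder refused with an error; nothing else is populated
TRY_LATER = OcspReply("tryLater", False)
# Well-formed "good" but the responder signature failed to verify
FORGED = OcspReply("successful", False, CERT_GOOD,
                   NOW - timedelta(hours=1), NOW + timedelta(days=1))
# "good" whose validity window has already expired
STALE = OcspReply("successful", True, CERT_GOOD,
                  NOW - timedelta(days=3), NOW - timedelta(days=2))


if __name__ == "__main__":
    for name, r in [("good", GOOD), ("revoked", REVOKED), ("unparsed", UNPARSED),
                    ("tryLater", TRY_LATER), ("forged", FORGED), ("stale", STALE)]:
        print(f"{name:9s} fail-closed={ocsp_accepts(r, NOW)!s:5s} "
              f"unless-revoked={accept_unless_revoked(r)}")
```

Running the block side by side shows the difference that matters for an EAP-TLS deployment: the fail-closed evaluator rejects everything except the signed, fresh "good" reply, while the accept-unless-revoked pattern lets the unparseable and tryLater replies through, which is exactly the window a revoked client certificate needs.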
@net-dialup, mrness, can we proceed with stabilization of net-dialup/freeradius-2.1.12? Thanks.
@net-dialup, mrness, ping? Thanks.
Go for 2.2.0 at this point (see the other open bug).
Already on existing GLSA draft.
This issue was resolved and addressed in GLSA 201311-09 at http://security.gentoo.org/glsa/glsa-201311-09.xml by GLSA coordinator Sergey Popov (pinkbyte).