CVE-2009-3111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3111): The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967.
Please remove 1.1.7.
Done. I tried to add version 1.1.8 to the tree, but that configure script is borked and I don't want to put time and effort in supporting ancient versions :-/
Vote: NO.
NO. Closing.