Control: tags -1 + confirmed d-i

On Sun, 2018-10-28 at 20:09 +0100, Michael Biebl wrote:
> a recently discovered vulnerability allows a malicious dhcp6 server
> to overwrite heap memory in systemd-networkd. This can lead to a
> crash (DoS) of networkd or in worst case a remote code execution [1].
> I was contacted by the security team about this issue. As networkd is
> not enabled by default, it wasn't deemed severe enough to be fixed
> via a stable-security upload and a fix via a regular stable upload
> seemed sufficient.
> I already asked for a stable upload for 9.6 in [2]. I'm not sure what
> the procedure is in such a case. Should I reupload 232-25+deb9u5 with
> this fix included or make a 232-25+deb9u6 upload?

+deb9u5 is already effectively released, as p-u is mirrored and used, so
this would want to be +deb9u6 (once KiBi-acked).

Regards,

Adam