Your message dated Tue, 05 Apr 2016 17:20:40 +0000
with message-id <[email protected]>
and subject line Bug#810621: fixed in dhcpcd5 6.10.1-1
has caused the Debian Bug report #810621,
regarding dhcpcd5: CVE-2016-1503: heap overflow via malformed dhcp responses in 
print_option (via dhcp_envoption1) due to incorrect option length values
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
810621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810621
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dhcpcd5
Version: 6.9.3-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for dhcpcd5.

CVE-2016-1503[0]:
|heap overflow via malformed dhcp responses in print_option (via
|dhcp_envoption1) due to incorrect option length values

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1503
[1] http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: dhcpcd5
Source-Version: 6.10.1-1

We believe that the bug you reported is fixed in the latest version of
dhcpcd5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jose dos Santos Junior <[email protected]> (supplier of updated dhcpcd5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 04 Apr 2016 09:58:32 -0300
Source: dhcpcd5
Binary: dhcpcd5
Architecture: source
Version: 6.10.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jose dos Santos Junior <[email protected]>
Changed-By: Jose dos Santos Junior <[email protected]>
Description:
 dhcpcd5    - DHCPv4, IPv6RA and DHCPv6 client with IPv4LL support
Closes: 791582 799795 810620 810621 813595 815338
Changes:
 dhcpcd5 (6.10.1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #813595)
   * Fix CVE-2016-1504 invalid read/crash
      via malformed dhcp responses by upstream (Closes: #810620)
   * Fix CVE-2016-1503 heap overflow via malformed
      dhcp responses in print_option (via dhcp_envoption1)
      due to incorrect option length values by upstream (Closes: #810621)
   * d/control:
      - Bump Standards-Version to 3.9.7
   * Fix dhcpcd5 FTBFS on kfreebsd-amd64
      and kfreebsd-i386 by upstream (Closes: #815338)
   * Fix Multiplication of IPv6 addresses by upstream (Closes: #791582)
   * d/rules:
      - Add hardening
   * d/patches:
      - fix-spelling-error for all older files
      - fix-spelling-error-in-manpage for manpages
   * d/dhcpcd5.lintian-overrides:
      - Add overrides for spelling error binary false positive
   * recommended revision in your dhcp by upstream (Closes: #799795)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----

--- End Message ---
