Hi Salvatore,

Thanks for your feedback. Here are the fixed files, taking into account your comments.

Cheers,
Pierre

On 11/18/2014 05:47 PM, Salvatore Bonaccorso wrote:
> Hi Pierre,
>
> On Tue, Nov 18, 2014 at 03:58:45PM +0100, Pierre Schweitzer wrote:
>> Package: dhcpcd5
>> Severity: important
>> Tags: security patch
>>
>> dhcpcd5 is vulnerable to CVE-2014-6060, which can cause a
>> denial of service:
>> https://security-tracker.debian.org/tracker/CVE-2014-6060
>>
>> Please find attached the debdiff & dsc for NMU upload which fixes
>> the vulnerability in unstable.
>
> (disclaimer: not the maintainer here).
>
> Thank you for the debdiff. I have looked at it; the patch itself
> looks good. I have some small remarks, also in the light of whether an
> unblock for jessie might be wanted:
>
> The changelog only says:
>
> * Fix CVE-2014-6060 in dhcpcd5
>
> Could you (now that the bug number is known) please also add the
> Closes marker for the bug #770043? Additionally, "Fix CVE-2014-6060
> in dhcpcd5" will probably not make the release team too happy when
> requesting the unblock for jessie ;-). I would at least add that
> it fixes a denial of service vulnerability. See [1] for the freeze
> policy.
>
> For the patch itself, a suggestion: could you add more patch
> headers, e.g. as per DEP3 [2]?
>
> I would happily sponsor the upload then if still required
> (uploading to a delayed queue, just in case we hear from Roy).
>
> [1] https://release.debian.org/jessie/freeze_policy.html
> [2] http://dep.debian.net/deps/dep3/
>
> Regards,
> Salvatore
>

--
Pierre Schweitzer <pie...@reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
dhcpcd5_CVE-2014-6060.diff.gz
Description: application/gzip
Format: 3.0 (quilt)
Source: dhcpcd5
Binary: dhcpcd5
Architecture: any
Version: 6.0.5-1.2
Maintainer: Roy Marples <r...@marples.name>
Homepage: http://roy.marples.name/projects/dhcpcd
Standards-Version: 3.9.4.0
Build-Depends: debhelper (>= 9)
Package-List:
 dhcpcd5 deb net optional arch=any
Checksums-Sha1:
 433555ac11669333344d7ec80120f3ccdd0fcae5 110259 dhcpcd5_6.0.5.orig.tar.bz2
 ddf0c903462a630ec1709b91eec93ee661d079cb 4112 dhcpcd5_6.0.5-1.2.debian.tar.xz
Checksums-Sha256:
 191d0bfd7fdfa05a580a4671c0489cd782828251b5ea0b41b6d17f026a36493c 110259 dhcpcd5_6.0.5.orig.tar.bz2
 017dfa1cbfa9b23d83e3ad812fad9841c2f54b3b7a5e12f2540d37ed825ef681 4112 dhcpcd5_6.0.5-1.2.debian.tar.xz
Files:
 a65ed99460a61f42c05f652c2eaafe7c 110259 dhcpcd5_6.0.5.orig.tar.bz2
 85ff6d3c861b799ec9a655e8f09a6552 4112 dhcpcd5_6.0.5-1.2.debian.tar.xz
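
Added example (not part of the original thread or of the dhcpcd5 packaging): a small Python check for the two review remarks quoted in the message above, namely the changelog entry (Closes marker, impact stated) and the DEP-3 patch header. The revised changelog wording, the impact phrase list, the patch header values and the FILE/URL placeholders are constructed for illustration.

```python
import re

# Bug-closing syntax from Debian Policy (debian/changelog), case-insensitive.
CLOSES_RE = re.compile(r"closes:\s*(?:bug)?#?\s?\d+(?:,\s*(?:bug)?#?\s?\d+)*", re.I)
# Heuristic, assumed list of impact phrases; extend as needed.
IMPACT_RE = re.compile(r"denial of service|code execution|privilege escalation"
                       r"|information (?:leak|disclosure)", re.I)

def lint_changelog(entry, bug, cve):
    """Problems in one changelog entry, following the review remarks in the thread."""
    closed = {n for m in CLOSES_RE.finditer(entry)
              for n in re.findall(r"\d+", m.group(0))}
    checks = [(str(bug) in closed, f"missing 'Closes: #{bug}'"),
              (cve in entry, f"{cve} not mentioned"),
              (bool(IMPACT_RE.search(entry)), "impact not described")]
    return [msg for ok, msg in checks if not ok]

def dep3_fields(patch_text):
    """Parse the DEP-3 header: fields before a '---' line or the diff itself."""
    fields, last = {}, None
    for line in patch_text.splitlines():
        if line.strip() == "---" or line.startswith(("--- ", "diff ", "Index: ")):
            break
        m = re.match(r"([A-Za-z][A-Za-z0-9-]*):\s*(.*)", line)
        if m:
            last = m.group(1).lower()
            fields[last] = m.group(2)
        elif line.startswith(" ") and last:
            fields[last] += "\n" + line.strip()  # continuation line
    return fields

def lint_patch(patch_text, bug):
    """DEP-3 needs Description/Subject and Origin (or Author); Bug-Debian links the report."""
    f = dep3_fields(patch_text)
    checks = [("description" in f or "subject" in f, "no Description/Subject"),
              (any(k in f for k in ("origin", "author", "from")), "no Origin or Author"),
              (str(bug) in f.get("bug-debian", ""), f"Bug-Debian does not reference #{bug}")]
    return [msg for ok, msg in checks if not ok]

# Constructed samples: only the TERSE changelog line is quoted in the thread.
TERSE = "  * Fix CVE-2014-6060 in dhcpcd5\n"
REVISED = "  * Fix denial of service vulnerability CVE-2014-6060 (Closes: #770043)\n"
BARE_PATCH = "--- a/FILE\n+++ b/FILE\n"
DEP3_PATCH = ("Description: Fix denial of service (CVE-2014-6060)\n"
              "Origin: <vendor|upstream|other>, <URL>\n"
              "Bug-Debian: https://bugs.debian.org/770043\n"
              "Last-Update: 2014-11-18\n---\n" + BARE_PATCH)

if __name__ == "__main__":
    print(lint_changelog(TERSE, 770043, "CVE-2014-6060"), lint_patch(BARE_PATCH, 770043))
```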