control: tags -1 patch pending
On Sun, 04 Dec 2016 14:52:24 +0100 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: dhcpcd5
> Version: 6.0.5-2
> Severity: important
> Tags: security upstream patch
> Control: found -1 6.10.1-1
> 
> Hi,
> 
> the following vulnerability was published for dhcpcd5.
> 
> CVE-2014-7913[0]:
> | The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as
> | used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products,
> | misinterprets the return value of the snprintf function, which allows
> | remote DHCP servers to execute arbitrary code or cause a denial of
> | service (memory corruption) via a crafted message.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2014-7913
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7913
> [1] http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
> 
> Please adjust the affected versions in the BTS as needed.
> 
> Regards,
> Salvatore
> 

The following Debian tarball has been uploaded to unstable.
I had to update the version because the patch didn't apply to the old one.

dhcpcd5 (7.0.8-0.1) unstable; urgency=medium

  [ Gianfranco Costamagna ]
  * New upstream release.
  * Non-maintainer upload.
    - Closes: #846938
  * Switch control/copyright files in secure mode

  [ Julien Lavergne ]
  * New upstream release.
  * debian/control:
   - Add lsb-base (>= 3.0-6) on depends, for the init script.
  * debian/patches:
   - Disable, merged upstream.
  * debian/copyright:
   - Update copyright.

 -- Gianfranco Costamagna <locutusofb...@debian.org>  Wed, 26 Sep 2018 10:03:43 +0200


Please refer to archive or uscan to get the tarball.

cheers,

G.

Attachment: dhcpcd5_7.0.8-0.1.debian.tar.xz
Description: application/xz
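
The CVE text quoted above blames a misinterpreted snprintf return value. The following is an added illustration of that general bug class and its check, not dhcpcd's print_option code or the upstream patch; the function names, sample strings and 16-byte buffer are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: three option strings and a 16-byte output buffer. */
static const char *const SAMPLE[] = { "example.org", "corp.example", "lab.example" };
static char demo_buf[16];
static size_t demo_used;

/* Flawed pattern: adds snprintf's return value to the offset as if it were the
 * number of bytes stored. Returns the offset the caller believes it reached.
 * The "off < len" guard keeps this demo memory-safe; without it, len - off wraps. */
size_t append_naive(char *buf, size_t len, const char *const *items, size_t n)
{
    size_t off = 0;
    for (size_t i = 0; i < n && off < len; i++) {
        int r = snprintf(buf + off, len - off, "%s ", items[i]);
        if (r < 0) break;
        off += (size_t)r;   /* BUG: r is the length the output wanted, not what fit */
    }
    return off;
}

/* Checked pattern: r >= remaining space means truncation, so stop there.
 * Returns 0 on success, -1 on error or truncation; *used stays below len. */
int append_checked(char *buf, size_t len, const char *const *items, size_t n, size_t *used)
{
    size_t off = 0;
    if (len == 0) return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int r = snprintf(buf + off, len - off, "%s ", items[i]);
        if (r < 0 || (size_t)r >= len - off) {
            buf[off] = '\0';    /* discard the partial item */
            *used = off;
            return -1;
        }
        off += (size_t)r;
    }
    *used = off;
    return 0;
}

int main(void)
{
    printf("naive offset %zu, buffer %zu\n", append_naive(demo_buf, sizeof demo_buf, SAMPLE, 3), sizeof demo_buf);
    int rc = append_checked(demo_buf, sizeof demo_buf, SAMPLE, 3, &demo_used);
    printf("checked rc %d, kept %zu bytes: \"%s\"\n", rc, demo_used, demo_buf);
    return 0;
}
```

With the sample data the naive version reports an offset past the end of the buffer after the second item, which is the state in which unguarded code starts writing out of bounds.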
