control: tags -1 patch pending

On Sun, 04 Dec 2016 14:52:24 +0100 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: dhcpcd5
> Version: 6.0.5-2
> Severity: important
> Tags: security upstream patch
> Control: found -1 6.10.1-1
>
> Hi,
>
> the following vulnerability was published for dhcpcd5.
>
> CVE-2014-7913[0]:
> | The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as
> | used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products,
> | misinterprets the return value of the snprintf function, which allows
> | remote DHCP servers to execute arbitrary code or cause a denial of
> | service (memory corruption) via a crafted message.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2014-7913
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7913
> [1] http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
the following debian tarball has been uploaded in unstable.
I had to update the version because the patch didn't apply to the old one

dhcpcd5 (7.0.8-0.1) unstable; urgency=medium

  [ Gianfranco Costamagna ]
  * New upstream release.
  * Non-maintainer upload.
    - Closes: #846938
  * Switch control/copyright files in secure mode

  [ Julien Lavergne ]
  * New upstream release.
  * debian/control:
    - Add lsb-base (>= 3.0-6) on depends, for the init script.
  * debian/patches:
    - Disable, merged upstream.
  * debian/copyright:
    - Update copyright.

 -- Gianfranco Costamagna <locutusofb...@debian.org>  Wed, 26 Sep 2018 10:03:43 +0200

Please refer to archive or uscan to get the tarball.

cheers,

G.
dhcpcd5_7.0.8-0.1.debian.tar.xz
Description: application/xz
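
The bug class named in the quoted CVE description (misreading the return value of snprintf), shown as an added example that is not dhcpcd's code and not part of this thread. The function names, the 7-byte buffer and the sample option bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: four option bytes rendered as "N." fields. */
static const unsigned char sample[] = { 192, 168, 100, 200 };

/* Naive accounting: treats snprintf's return as "bytes written". snprintf
 * returns the length the full output WOULD have had, so after a truncated
 * field the offset lies past the end of the buffer. The write itself is
 * bounded here; only the bookkeeping goes wrong. */
static size_t run_naive(void)
{
    char buf[7];
    size_t off = 0;
    for (size_t i = 0; i < sizeof sample && off < sizeof buf; i++)
        off += (size_t)snprintf(buf + off, sizeof buf - off, "%u.", (unsigned)sample[i]);
    return off; /* 8 for a 7-byte buffer: the next "size - off" would wrap */
}

/* Checked accounting: a negative return or a return >= the space left means
 * error or truncation, so the field is dropped and the offset not advanced. */
static int checked_append(char *buf, size_t size, size_t *off, unsigned v)
{
    if (*off >= size)
        return -1;
    int n = snprintf(buf + *off, size - *off, "%u.", v);
    if (n < 0 || (size_t)n >= size - *off) {
        buf[*off] = '\0'; /* discard the partial field */
        return -1;
    }
    *off += (size_t)n;
    return 0;
}

static size_t run_checked(char *buf, size_t size)
{
    size_t off = 0;
    for (size_t i = 0; i < sizeof sample; i++)
        if (checked_append(buf, size, &off, sample[i]) != 0)
            break;
    return off;
}

int main(void)
{
    char small[7];
    printf("naive offset:   %zu of %zu\n", run_naive(), sizeof small);
    printf("checked offset: %zu (\"%s\")\n", run_checked(small, sizeof small), small);
}
```

With unchecked bookkeeping, the subtraction `size - off` on the following iteration is an unsigned underflow, which is how a length error of this kind turns into memory corruption.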