On 2019-04-27.03:46, Timo Sigurdsson wrote:
> * auth: Use consttime_memequal to avoid latency attack consttime_memequal
> is supplied if libc does not support it
> dhcpcd >=6.2 <7.2.1 are vulnerable
>
> * DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
> dhcpcd
Package: dhcpcd5
Version: any
Severity: serious
Dear Maintainer,
upstream released a new version of dhcpcd5 fixing three security issues. All
versions currently found in Debian (jessie, stretch, buster, sid) are
vulnerable to at least two of these issues, according to the announcement on
2 matches
Mail list logo
