Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: car...@debian.org,k...@debian.org
Hi Release team, Please unblock package isc-dhcp [ Reason ] Update to adress CVE-2021-25217, tracked as #989157. [ Impact ] CVE remains open for bullseye. [ Tests ] None specifically to the vulnerability. The autopkgtests passes (only systemd one seems flaky a bit, once retried it worked). [ Risks ] It includes the upstream provided patch which is overviewable and targetted in the parsin code. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] Nothing particularly, but it needs a d-i review as well from Cyril. unblock isc-dhcp/4.4.1-2.3 Regards, Salvatore
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog --- isc-dhcp-4.4.1/debian/changelog 2020-08-06 04:08:47.000000000 +0200 +++ isc-dhcp-4.4.1/debian/changelog 2021-05-27 06:59:48.000000000 +0200 @@ -1,3 +1,12 @@ +isc-dhcp (4.4.1-2.3) unstable; urgency=high + + * Non-maintainer upload. + * A buffer overrun in lease file parsing code can be used to exploit a + common vulnerability shared by dhcpd and dhclient (CVE-2021-25217) + (Closes: #989157) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 27 May 2021 06:59:48 +0200 + isc-dhcp (4.4.1-2.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch --- isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 1970-01-01 01:00:00.000000000 +0100 +++ isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 2021-05-27 06:59:48.000000000 +0200 @@ -0,0 +1,29 @@ +Description: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient +Origin: vendor +Bug-Debian: https://bugs.debian.org/989157 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-25217 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2021-05-26 + +diff --git a/common/parse.c b/common/parse.c +index 386a6321..fc7b39c6 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max) + skip_to_semi (cfile); + return 0; + } +- convert_num (cfile, &buf [len], val, 16, 8); +- if (len++ > max) { ++ if (len >= max) { + parse_warn (cfile, + "hexadecimal constant too long."); + skip_to_semi (cfile); + return 0; + } ++ convert_num (cfile, &buf [len], val, 16, 8); ++ len++; + token = peek_token (&val, (unsigned *)0, cfile); + if (token == COLON) + token = next_token (&val, diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series --- isc-dhcp-4.4.1/debian/patches/series 2020-08-06 04:08:47.000000000 +0200 +++ isc-dhcp-4.4.1/debian/patches/series 2021-05-27 06:59:48.000000000 +0200 @@ -17,3 +17,5 @@ configure.patch Fixed_gcc_10_compilation_issues.patch + +4.4.2.CVE-2021-25217.patch
