Hi, Attached is a debdiff of the changes I made for 3.1.2p1-1.1 2-day NMU
Cheers, Giuseppe
diff -u dhcp3-3.1.2p1/debian/changelog dhcp3-3.1.2p1/debian/changelog
--- dhcp3-3.1.2p1/debian/changelog
+++ dhcp3-3.1.2p1/debian/changelog
@@ -1,3 +1,11 @@
+dhcp3 (3.1.2p1-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing Security Team.
+ * Add patch from Christoph Biedl to fix server assert involving client
+ IDs and hardware addresses (CVE-2009-1892) (Closes: #549584)
+
+ -- Giuseppe Iuculano <iucul...@debian.org> Sun, 04 Oct 2009 17:41:00 +0200
+
dhcp3 (3.1.2p1-1) unstable; urgency=high
* New upstream release
diff -u dhcp3-3.1.2p1/debian/patches/00list dhcp3-3.1.2p1/debian/patches/00list
--- dhcp3-3.1.2p1/debian/patches/00list
+++ dhcp3-3.1.2p1/debian/patches/00list
@@ -23,0 +24,2 @@
+#security
+server-clientid-crash.dpatch
only in patch2:
unchanged:
--- dhcp3-3.1.2p1.orig/debian/patches/server-clientid-crash.dpatch
+++ dhcp3-3.1.2p1/debian/patches/server-clientid-crash.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## server-clientid-crash.dpatch by Christoh Biedl
<debian.packages.h...@manchmal.in-ulm.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Server assert involving client IDs (CVE-2009-1892)
+
+...@dpatch@
+diff -urNad dhcp3~/server/dhcp.c dhcp3/server/dhcp.c
+--- dhcp3~/server/dhcp.c 2008-09-11 18:16:29.000000000 +0200
++++ dhcp3/server/dhcp.c 2009-10-04 16:30:42.000000000 +0200
+@@ -1747,6 +1747,8 @@
+ host_reference (&host, h, MDL);
+ }
+ if (!host) {
++ if (hp)
++ host_dereference (&hp, MDL);
+ find_hosts_by_haddr (&hp,
+ packet -> raw -> htype,
+ packet -> raw -> chaddr,
signature.asc
Description: OpenPGP digital signature
