Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: car...@debian.org,k...@debian.org
Hi Stable release managers, This brings the update to address CVE-2021-25217 / #989157 in buster (the fix was applied already as NMU in unstable and unblocked accordingly). The debian/changelog entry is +isc-dhcp (4.4.1-2+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * A buffer overrun in lease file parsing code can be used to exploit a + common vulnerability shared by dhcpd and dhclient (CVE-2021-25217) + (Closes: #989157) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 03 Jun 2021 12:59:09 +0200 The debdiff attached accordingly. But it needs a d-i ack as well from Cyril as it produces udebs. Regards, Salvatore
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog --- isc-dhcp-4.4.1/debian/changelog 2018-12-11 04:55:12.000000000 +0100 +++ isc-dhcp-4.4.1/debian/changelog 2021-06-03 12:59:09.000000000 +0200 @@ -1,3 +1,12 @@ +isc-dhcp (4.4.1-2+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * A buffer overrun in lease file parsing code can be used to exploit a + common vulnerability shared by dhcpd and dhclient (CVE-2021-25217) + (Closes: #989157) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 03 Jun 2021 12:59:09 +0200 + isc-dhcp (4.4.1-2) unstable; urgency=medium * Set initial address to 0.0.0.0 on hurd (closes: #875566). diff -Nru isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch --- isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 1970-01-01 01:00:00.000000000 +0100 +++ isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 2021-06-03 12:59:09.000000000 +0200 @@ -0,0 +1,29 @@ +Description: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient +Origin: vendor +Bug-Debian: https://bugs.debian.org/989157 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-25217 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2021-05-26 + +diff --git a/common/parse.c b/common/parse.c +index 386a6321..fc7b39c6 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max) + skip_to_semi (cfile); + return 0; + } +- convert_num (cfile, &buf [len], val, 16, 8); +- if (len++ > max) { ++ if (len >= max) { + parse_warn (cfile, + "hexadecimal constant too long."); + skip_to_semi (cfile); + return 0; + } ++ convert_num (cfile, &buf [len], val, 16, 8); ++ len++; + token = peek_token (&val, (unsigned *)0, cfile); + if (token == COLON) + token = next_token (&val, diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series --- isc-dhcp-4.4.1/debian/patches/series 2018-11-18 07:13:45.000000000 +0100 +++ isc-dhcp-4.4.1/debian/patches/series 2021-06-03 12:59:09.000000000 +0200 @@ -16,3 +16,5 @@ bind-includes.patch configure.patch + +4.4.2.CVE-2021-25217.patch