Hi,
Attached is a debdiff of the changes I made for 3.1.2p1-1.1 2-day NMU
Cheers,
Giuseppe
diff -u dhcp3-3.1.2p1/debian/changelog dhcp3-3.1.2p1/debian/changelog
--- dhcp3-3.1.2p1/debian/changelog
+++ dhcp3-3.1.2p1/debian/changelog
@@ -1,3 +1,11 @@
+dhcp3 (3.1.2p1-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing Security Team.
+ * Add patch from Christoph Biedl to fix server assert involving client
+IDs and hardware addresses (CVE-2009-1892) (Closes: #549584)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 04 Oct 2009 17:41:00 +0200
+
dhcp3 (3.1.2p1-1) unstable; urgency=high
* New upstream release
diff -u dhcp3-3.1.2p1/debian/patches/00list dhcp3-3.1.2p1/debian/patches/00list
--- dhcp3-3.1.2p1/debian/patches/00list
+++ dhcp3-3.1.2p1/debian/patches/00list
@@ -23,0 +24,2 @@
+#security
+server-clientid-crash.dpatch
only in patch2:
unchanged:
--- dhcp3-3.1.2p1.orig/debian/patches/server-clientid-crash.dpatch
+++ dhcp3-3.1.2p1/debian/patches/server-clientid-crash.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## server-clientid-crash.dpatch by Christoh Biedl
debian.packages.h...@manchmal.in-ulm.de
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Server assert involving client IDs (CVE-2009-1892)
+
+...@dpatch@
+diff -urNad dhcp3~/server/dhcp.c dhcp3/server/dhcp.c
+--- dhcp3~/server/dhcp.c 2008-09-11 18:16:29.0 +0200
dhcp3/server/dhcp.c2009-10-04 16:30:42.0 +0200
+@@ -1747,6 +1747,8 @@
+ host_reference (host, h, MDL);
+ }
+ if (!host) {
++ if (hp)
++ host_dereference (hp, MDL);
+ find_hosts_by_haddr (hp,
+packet - raw - htype,
+packet - raw - chaddr,
signature.asc
Description: OpenPGP digital signature
