Bug#770043: marked as done (dhcpcd5: CVE-2014-6060: Denial of Service)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 25 Nov 2014 21:47:07 +0000
with message-id <E1XtNwx-0008Qz-DO@franck.debian.org>
and subject line Bug#770043: fixed in dhcpcd5 5.5.6-1+deb7u1
has caused the Debian Bug report #770043,
regarding dhcpcd5: CVE-2014-6060: Denial of Service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
770043: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770043
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: Denial of Service in dhcpd5: CVE-2014-6060
• From: Pierre Schweitzer <pierre@reactos.org>
• Date: Tue, 18 Nov 2014 15:58:45 +0100
• Message-id: <20141118145845.9898.68992.reportbug@leptoquark>

Package: dhcpcd5
Severity: important
Tags: security patch

dhcpd5 is vulnerable to the CVE-2014-6060 which can cause a denial of service:
https://security-tracker.debian.org/tracker/CVE-2014-6060

Please find attached the debdiff & dsc for NMU upload which fixes the
vulnerability in unstable.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)

Format: 3.0 (quilt)
Source: dhcpcd5
Binary: dhcpcd5
Architecture: any
Version: 6.0.5-1.2
Maintainer: Roy Marples <roy@marples.name>
Homepage: http://roy.marples.name/projects/dhcpcd
Standards-Version: 3.9.4.0
Build-Depends: debhelper (>= 9)
Package-List:
 dhcpcd5 deb net optional arch=any
Checksums-Sha1:
 433555ac11669333344d7ec80120f3ccdd0fcae5 110259 dhcpcd5_6.0.5.orig.tar.bz2
 6b0e6b6f52ac26421fc13651e362add431b93b30 3884 dhcpcd5_6.0.5-1.2.debian.tar.xz
Checksums-Sha256:
 191d0bfd7fdfa05a580a4671c0489cd782828251b5ea0b41b6d17f026a36493c 110259 dhcpcd5_6.0.5.orig.tar.bz2
 aeb0154d40edfba10a3c6f8420526995fefcf8749a71f0a203454446dbc2176a 3884 dhcpcd5_6.0.5-1.2.debian.tar.xz
Files:
 a65ed99460a61f42c05f652c2eaafe7c 110259 dhcpcd5_6.0.5.orig.tar.bz2
 4cd653acc4baebfbea4eca217688a433 3884 dhcpcd5_6.0.5-1.2.debian.tar.xz

Attachment: dhcpcd5_CVE-2014-6060.diff.gz
Description: application/gzip

--- End Message ---

--- Begin Message ---

• To: 770043-close@bugs.debian.org
• Subject: Bug#770043: fixed in dhcpcd5 5.5.6-1+deb7u1
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Tue, 25 Nov 2014 21:47:07 +0000
• Message-id: <E1XtNwx-0008Qz-DO@franck.debian.org>

Source: dhcpcd5
Source-Version: 5.5.6-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
dhcpcd5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770043@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated dhcpcd5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Nov 2014 13:29:49 +0100
Source: dhcpcd5
Binary: dhcpcd5
Architecture: source amd64
Version: 5.5.6-1+deb7u1
Distribution: stable
Urgency: medium
Maintainer: Roy Marples <roy@marples.name>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 dhcpcd5    - RFC2131 compliant DHCP client with IPv4LL support
Closes: 770043
Changes: 
 dhcpcd5 (5.5.6-1+deb7u1) stable; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix denial of service (CVE-2014-6060) in dhcpcd5:
     - backport fix from debian unstable dhcpcd5/6.0.5-2
     (Closes: #770043)
Checksums-Sha1: 
 a530a0055923afc383f139df355b018ebc63a57e 1730 dhcpcd5_5.5.6-1+deb7u1.dsc
 7cdd668d27b64509d078204f2a5e94e8914d5a13 3763 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz
 fb77bceafc8d7250591ebdb1c75a2783494fbf33 75402 dhcpcd5_5.5.6-1+deb7u1_amd64.deb
Checksums-Sha256: 
 bd07adf030233129ab34412b09823a7a1068dbb050e976104de82847e2316fd0 1730 dhcpcd5_5.5.6-1+deb7u1.dsc
 a82658bd3275b78481037360f46121612bcaa64c00aff1f0e196e3b5f9644579 3763 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz
 b0104a5a0f127fa383e6f26ae1f224a01dd1f4ccf84aeacedb65b1d584d3ae0a 75402 dhcpcd5_5.5.6-1+deb7u1_amd64.deb
Files: 
 0d2c93468aad4c39e5cc9825ae9b7cdd 1730 net optional dhcpcd5_5.5.6-1+deb7u1.dsc
 c0b966395f45a1b65087cfce1153cb8a 3763 net optional dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz
 48670d00c201710ee4e76241e47161fb 75402 net optional dhcpcd5_5.5.6-1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJUbz09AAoJEAVMuPMTQ89EI0UP/3voIFD08I/yBDVEp9OM08H+
ewUbYtDrl4tD4unqOnKuDbHYAAiNcOHhAfVw77WjdiAgPUi29OhjiPd78TLN55rW
J+ugrIG6/rq0k3J8iLvi84FTUFH2qdyK8ED5BIk44UOPpVeh6wYDSphF6yb2Mcke
JxIq+Q0d5vaSRhrfrmMBxBh4LwYclBw8pHf7aXzNI9d378H/gkVrLac+lPyNpisV
3X+Inb1PcsIfMlCjs327lIC8h+acVZ7cZcc0psn1JxPV9CFmLopR/lhlSYymVLGQ
cYlZ967FRQFpNPyb2ZQpyPLCG4X7UVZ/y/8Q9do+LbVV6OaTxj+zbs4jcTp0Oz6t
qeB2CVuL+cEXp6xJ02UUc80QS64XGpAOACsiS7H1D9lJZHFTs5ZKNVtTjKTMRPGJ
Mvm09F3x1zCZbXOwGGx8velwrsy+/pI42q5hPRPMNtrMzuQHiwqgB7PL9P2Q5UgV
F1G9J1vCeBiiCx5T6uw7K3QArVy/vljfmfFV86YI0Or/eW0TG1fWwY3INXi3oSpQ
ltbbfa6K7+hefv5hWrLMpXOzQmmpwjns3i1t7+eg9zUwDkuYkhucwb4ZRzVeOzxs
36w0LLeRwRJVtSRdiQD9+oj5j+td+GNwy3UwkpNmic6gCvKUJP8BQbuIt+NQJjeS
zlD15m0ImhDG2f/Rxa/w
=Ge/g
-----END PGP SIGNATURE-----

--- End Message ---