Bug#704566: unblock: isc-dhcp/4.2.2.dfsg.1-5+deb70u4

[Michael Gilbert <mgilbert@debian.org>]

On Tue, Apr 16, 2013 at 8:08 AM, Adam D. Barratt wrote:
> user release.debian.org@packages.debian.org
> usertags 704566 = pu
> tags 704566 = wheezy
> retitle 704566 pu: isc-dhcp/4.2.2.dfsg.1-5+deb70u4
> tags 704426 + wheezy-ignore
> usertags 704426 + wheezy-can-defer
> thanks
>
>
> On 13.04.2013 17:28, Cyril Brulebois wrote:
>>
>> Adam D. Barratt <adam@adam-barratt.org.uk> (13/04/2013):
>>>
>>> Thanks. I'd be happy to unblock that version, but it'll need a d-i ack
>>>
>>> if it's to get in to wheezy. I'm not sure how feasible getting any more
>>> changes is on that side right now, but let's see...
>>
>>
>> Advisory says:
>> | libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to
>> | cause a denial of service (memory consumption) via vectors involving a
>> | regular expression, as demonstrated by a memory-exhaustion attack
>> | against a machine running a dhcpd process, a related issue to
>> | CVE-2013-2266.
>>
>> I'd rather avoid taking chances at this very late stage. Before rc2
>> would have been doable, but now… not so much.
>
>
> In which case, let's look at this again after the release?

It's now after.  How would you like me to approach this?  Do I need to
do a new upload to spu?  If so, should the version be +deb70u5 or
+deb70u6?  It looks like the tpu didn't get automatically moved over
to spu [0]?

Best wishes,
Mike

[0] http://packages.qa.debian.org/i/isc-dhcp.html