Bug#989226: unblock: isc-dhcp/4.4.1-2.3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: carnil@debian.org,kibi@debian.org
Hi Release team,
Please unblock package isc-dhcp
[ Reason ]
Update to adress CVE-2021-25217, tracked as #989157.
[ Impact ]
CVE remains open for bullseye.
[ Tests ]
None specifically to the vulnerability. The autopkgtests passes (only
systemd one seems flaky a bit, once retried it worked).
[ Risks ]
It includes the upstream provided patch which is overviewable and
targetted in the parsin code.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
Nothing particularly, but it needs a d-i review as well from Cyril.
unblock isc-dhcp/4.4.1-2.3
Regards,
Salvatore
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog
--- isc-dhcp-4.4.1/debian/changelog 2020-08-06 04:08:47.000000000 +0200
+++ isc-dhcp-4.4.1/debian/changelog 2021-05-27 06:59:48.000000000 +0200
@@ -1,3 +1,12 @@
+isc-dhcp (4.4.1-2.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * A buffer overrun in lease file parsing code can be used to exploit a
+ common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
+ (Closes: #989157)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 27 May 2021 06:59:48 +0200
+
isc-dhcp (4.4.1-2.2) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch
--- isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 1970-01-01 01:00:00.000000000 +0100
+++ isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 2021-05-27 06:59:48.000000000 +0200
@@ -0,0 +1,29 @@
+Description: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/989157
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-25217
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2021-05-26
+
+diff --git a/common/parse.c b/common/parse.c
+index 386a6321..fc7b39c6 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max)
+ skip_to_semi (cfile);
+ return 0;
+ }
+- convert_num (cfile, &buf [len], val, 16, 8);
+- if (len++ > max) {
++ if (len >= max) {
+ parse_warn (cfile,
+ "hexadecimal constant too long.");
+ skip_to_semi (cfile);
+ return 0;
+ }
++ convert_num (cfile, &buf [len], val, 16, 8);
++ len++;
+ token = peek_token (&val, (unsigned *)0, cfile);
+ if (token == COLON)
+ token = next_token (&val,
diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series
--- isc-dhcp-4.4.1/debian/patches/series 2020-08-06 04:08:47.000000000 +0200
+++ isc-dhcp-4.4.1/debian/patches/series 2021-05-27 06:59:48.000000000 +0200
@@ -17,3 +17,5 @@
configure.patch
Fixed_gcc_10_compilation_issues.patch
+
+4.4.2.CVE-2021-25217.patch
Reply to: