Bug#989420: buster-pu: package isc-dhcp/4.4.1-2+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: carnil@debian.org,kibi@debian.org
Hi Stable release managers,
This brings the update to address CVE-2021-25217 / #989157 in buster
(the fix was applied already as NMU in unstable and unblocked
accordingly).
The debian/changelog entry is
+isc-dhcp (4.4.1-2+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * A buffer overrun in lease file parsing code can be used to exploit a
+ common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
+ (Closes: #989157)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 03 Jun 2021 12:59:09 +0200
The debdiff attached accordingly. But it needs a d-i ack as well from
Cyril as it produces udebs.
Regards,
Salvatore
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog
--- isc-dhcp-4.4.1/debian/changelog 2018-12-11 04:55:12.000000000 +0100
+++ isc-dhcp-4.4.1/debian/changelog 2021-06-03 12:59:09.000000000 +0200
@@ -1,3 +1,12 @@
+isc-dhcp (4.4.1-2+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * A buffer overrun in lease file parsing code can be used to exploit a
+ common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
+ (Closes: #989157)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 03 Jun 2021 12:59:09 +0200
+
isc-dhcp (4.4.1-2) unstable; urgency=medium
* Set initial address to 0.0.0.0 on hurd (closes: #875566).
diff -Nru isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch
--- isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 1970-01-01 01:00:00.000000000 +0100
+++ isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 2021-06-03 12:59:09.000000000 +0200
@@ -0,0 +1,29 @@
+Description: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/989157
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-25217
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2021-05-26
+
+diff --git a/common/parse.c b/common/parse.c
+index 386a6321..fc7b39c6 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max)
+ skip_to_semi (cfile);
+ return 0;
+ }
+- convert_num (cfile, &buf [len], val, 16, 8);
+- if (len++ > max) {
++ if (len >= max) {
+ parse_warn (cfile,
+ "hexadecimal constant too long.");
+ skip_to_semi (cfile);
+ return 0;
+ }
++ convert_num (cfile, &buf [len], val, 16, 8);
++ len++;
+ token = peek_token (&val, (unsigned *)0, cfile);
+ if (token == COLON)
+ token = next_token (&val,
diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series
--- isc-dhcp-4.4.1/debian/patches/series 2018-11-18 07:13:45.000000000 +0100
+++ isc-dhcp-4.4.1/debian/patches/series 2021-06-03 12:59:09.000000000 +0200
@@ -16,3 +16,5 @@
bind-includes.patch
configure.patch
+
+4.4.2.CVE-2021-25217.patch
Reply to: