Salvatore Bonaccorso <carnil@debian.org> (2021-06-03): > This brings the update to address CVE-2021-25217 / #989157 in buster > (the fix was applied already as NMU in unstable and unblocked > accordingly). > > The debian/changelog entry is > > +isc-dhcp (4.4.1-2+deb10u1) buster; urgency=medium > + > + * Non-maintainer upload. > + * A buffer overrun in lease file parsing code can be used to exploit a > + common vulnerability shared by dhcpd and dhclient (CVE-2021-25217) > + (Closes: #989157) > + > + -- Salvatore Bonaccorso <carnil@debian.org> Thu, 03 Jun 2021 12:59:09 +0200 > > The debdiff attached accordingly. But it needs a d-i ack as well from > Cyril as it produces udebs. No objections, thanks. Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature