From Debian ChangeLog: * Fix a security hole. A malformed DHCP packet could crash dhcpcd
base-system, pls verify/advise
Roy: could you take care of this for us please ?
Merged in the patch by Simon Kelly the Debian dhcpcd maintainer. Punted old ebuilds. r5 becomes r11, r10 becomes r12 - both have fix r5 remains in the tree as it's marked stable - all others have been punted.
r11 has been marked stable for x86 and amd64
Calling arches. Please test and mark 1.3.22_p4-r11 stable. Thanks in advance. (x86 and amd64 already stable)
Stable on hppa
Stable on SPARC.
marked ppc stable
- -------------------------------------------------------------------------- Debian Security Advisory DSA 750-1 security@debian.org http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : dhcpcd Vulnerability : out-of-bound memory access Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-1848 "infamous42md" discovered that dhcpcd, a DHCP client for automatically configuring IPv4 networking, can be tricked into reading past the end of the supplied DHCP buffer which could lead to the daemon crashing.
stable on ppc64
Stable on alpha + ia64.
Ready for GLSA
mips stable
GLSA 200507-16 arm should mark stable to benefit from GLSA