I will stable this on amd64, but we need it stabled everywhere else
asap. The issue is that Roy advised me that there is a DoS attack vector
in dhcpcd versions from 4.0.0 to 6.4.2 which is fixed in 6.4.3 by this
Please test and stabilize asap.
CVE request: http://seclists.org/oss-sec/2014/q3/261
Stable for HPPA.
Stable on alpha.
Marked ppc/ppc64 stable.
glsa request filed.
All vulnerable versions have been removed.
This issue was resolved and addressed in
GLSA 201409-03 at http://security.gentoo.org/glsa/glsa-201409-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows
remote DHCP servers to cause a denial of service by resetting the
DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section,
which triggers the option to be processed again.