Debian Bug report logs - #686174
isc-dhcp: CVE-2012-3570 CVE-2012-3571 CVE-2012-3954


Package: isc-dhcp; Maintainer for isc-dhcp is Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 29 Aug 2012 14:21:02 UTC

Severity: grave

Tags: patch, security

Fixed in versions isc-dhcp/4.2.4-2, isc-dhcp/4.2.2.dfsg.1-5+deb70u1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Wed, 29 Aug 2012 14:21:04 GMT)

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Wed, 29 Aug 2012 14:21:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: isc-dhcp: CVE-2012-3570 CVE-2012-3571 CVE-2012-3954
Date: Wed, 29 Aug 2012 16:15:10 +0200
Package: isc-dhcp
Severity: grave
Tags: security
Justification: user security hole

The following security issues are still open in Wheezy and sid:

CVE-2012-3954: https://kb.isc.org/article/AA-00737

CVE-2012-3571: https://kb.isc.org/article/AA-00712

CVE-2012-3570: https://kb.isc.org/article/AA-00714

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Sun, 09 Sep 2012 22:57:05 GMT)

Acknowledgement sent to David Prévot <taffit@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Sun, 09 Sep 2012 22:57:05 GMT)

Message #10 received at 686174@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: 686174@bugs.debian.org
Subject: isc-dhcp: diff for NMU version 4.2.4-1.1
Date: Sun, 9 Sep 2012 18:52:12 -0400
tags 686174 + patch
tags 686174 + pending
thanks

Dear maintainer,

I've prepared an NMU for isc-dhcp (versioned as 4.2.4-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.

David
[isc-dhcp-4.2.4-1.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from David Prévot <taffit@debian.org> to control@bugs.debian.org. (Sun, 09 Sep 2012 22:57:09 GMT)

Added tag(s) pending. Request was from David Prévot <taffit@debian.org> to control@bugs.debian.org. (Sun, 09 Sep 2012 22:57:09 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Mon, 10 Sep 2012 03:18:03 GMT)

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Mon, 10 Sep 2012 03:18:03 GMT)

Message #19 received at 686174@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: taffit@debian.org, 686174@bugs.debian.org
Subject: Re: [pkg-dhcp-devel] Bug#686174: isc-dhcp: diff for NMU version 4.2.4-1.1
Date: Sun, 9 Sep 2012 23:14:30 -0400
On Sun, Sep 9, 2012 at 6:52 PM, David Prévot wrote:
> tags 686174 + patch
> tags 686174 + pending
> thanks
>
> Dear maintainer,
>
> I've prepared an NMU for isc-dhcp (versioned as 4.2.4-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

It is not good practice to include fixes for multiple cve's in the
same patch (i.e. how do we tell which is which in the future, and what
if upstream only fixes some), so I would rather see this as-is
canceled, patches separated, and re-uploaded.

Ditto for the tpu, which should really be going in via
testing-security.  I was going to do work on that within the next week
anyway.

Thanks,
Mike



Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Mon, 10 Sep 2012 03:30:03 GMT)

Acknowledgement sent to David Prévot <taffit@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Mon, 10 Sep 2012 03:30:03 GMT)

Message #24 received at 686174@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: Michael Gilbert <mgilbert@debian.org>
Cc: 686174@bugs.debian.org
Subject: Re: [pkg-dhcp-devel] Bug#686174: isc-dhcp: diff for NMU version 4.2.4-1.1
Date: Sun, 09 Sep 2012 23:26:06 -0400

Control: tags -1 - pending

On 09/09/2012 23:14, Michael Gilbert wrote:

> It is not good practice to include fixes for multiple cve's in the
> same patch

I simply followed the example from stable-security that fixed the
relevant issues a month ago.

> (i.e. how do we tell which is which in the future, and what
> if upstream only fixes some)

Already fixed upstream, as documented in the patch.

> so I would rather see this as-is canceled,

Done

> I was going to do work on that within the next week anyway.

Good, I'll leave it to you then.

Regards

David





Removed tag(s) pending. Request was from David Prévot <taffit@debian.org> to 686174-submit@bugs.debian.org. (Mon, 10 Sep 2012 03:30:03 GMT)

Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Fri, 14 Sep 2012 05:21:04 GMT)

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 14 Sep 2012 05:21:04 GMT)

Message #31 received at 686174-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 686174-close@bugs.debian.org
Subject: Bug#686174: fixed in isc-dhcp 4.2.4-2
Date: Fri, 14 Sep 2012 05:17:48 +0000
Source: isc-dhcp
Source-Version: 4.2.4-2

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 686174@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Fri, 14 Sep 2012 00:46:11 -0400
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg
Architecture: source amd64
Version: 4.2.4-2
Distribution: unstable
Urgency: low
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 isc-dhcp-client - ISC DHCP client
 isc-dhcp-client-dbg - ISC DHCP client (debugging symbols)
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all the isc-dhcp* packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-relay-dbg - DHCP relay daemon (debugging symbols)
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (debug)
 isc-dhcp-server-ldap - DHCP server able to use LDAP as backend
Closes: 686174
Changes: 
 isc-dhcp (4.2.4-2) unstable; urgency=low
 .
   * Fix multiple security issues (closes: #686174)
     - cve-2012-3570: buffer overflow via large hardware address length.
     - cve-2012-3571: denial-of-service via zero-length packets.
     - cve-2012-3954: two potential memory leaks.
     - cve-2012-3955: server abort due to certain lease time changes.
Package-Type: udeb





Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Fri, 14 Sep 2012 23:51:07 GMT)

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Fri, 14 Sep 2012 23:51:07 GMT)

Message #36 received at 686174@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: Michael Gilbert <mgilbert@debian.org>
Cc: 686174@bugs.debian.org, 685268@bugs.debian.org, team@security.debian.org
Subject: Your isc-dhcp 4.2.2.dfsg.1-5+wheezy1 upload
Date: Fri, 14 Sep 2012 18:46:48 -0500
Hi,

I'm rejecting your isc-dhcp upload to the security archive for the following 
reasons:

* Uploads must be coordinated and ACKed by the security team. Unless I'm 
missing something, it didn't happen this way.
* Incorrect version numbering. For Wheezy the +debNuX schema will be used.
* The testing-security queue is not functional. Any security update for 
wheezy, during its freeze, must go through testing-proposed-updates if it 
can't go through sid.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Sat, 15 Sep 2012 17:18:05 GMT)

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Sat, 15 Sep 2012 17:18:05 GMT)

Message #41 received at 686174@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: Michael Gilbert <mgilbert@debian.org>
Cc: 686174@bugs.debian.org, 685268@bugs.debian.org, team@security.debian.org
Subject: Re: Your isc-dhcp 4.2.2.dfsg.1-5+wheezy1 upload
Date: Sat, 15 Sep 2012 12:14:25 -0500
Hi again,

On Friday 14 September 2012 18:46:48 Raphael Geissert wrote:
> * Uploads must be coordinated and ACKed by the security team. Unless I'm
> missing something, it didn't happen this way.

It has been pointed out to me that you talked to Nico about it.  Please accept my
apologies.

Kind regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Sat, 15 Sep 2012 20:27:03 GMT)

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Sat, 15 Sep 2012 20:27:03 GMT)

Message #46 received at 686174@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
Cc: 686174@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#685268: Your isc-dhcp 4.2.2.dfsg.1-5+wheezy1 upload
Date: Sat, 15 Sep 2012 16:22:49 -0400
On Fri, Sep 14, 2012 at 7:46 PM, Raphael Geissert wrote:
> * Incorrect version numbering. For Wheezy the +debNuX schema will be used.

I wasn't aware that this was the new rule.   I was using the
following, which seemed like it had already been updated for wheezy
http://testing-security.debian.net/uploading.html

It would be nice if that were corrected.  Also devref could use some
correction as well since it specifies the old naming too
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security-building

> * The testing-security queue is not functional. Any security update for
> wheezy, during its freeze, must go through testing-proposed-updates if it
> can't go through sid.

Shouldn't we be making use of testing-security now to make sure it's
really ready to go once the release happens?   Especially for
specifically targeted security-only fixes?  Anyway, if it has to be
tpu, I'll do that, but being a security-only fix, testing-security
just seems like it should be right.

Best wishes,
Mike



Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#686174; Package isc-dhcp. (Sun, 16 Sep 2012 17:33:03 GMT)

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Sun, 16 Sep 2012 17:33:03 GMT)

Message #51 received at 686174@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Michael Gilbert <mgilbert@debian.org>, 686174@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#686174: Bug#685268: Your isc-dhcp 4.2.2.dfsg.1-5+wheezy1 upload
Date: Sun, 16 Sep 2012 18:27:32 +0100
On Sat, 2012-09-15 at 16:22 -0400, Michael Gilbert wrote:
> On Fri, Sep 14, 2012 at 7:46 PM, Raphael Geissert wrote:
> > * Incorrect version numbering. For Wheezy the +debNuX schema will be used.
[...]
> It would be nice if that were corrected.  Also devref could use some
> correction as well since it specifies the old naming too
> http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security-building

DevRef's information on version numbers could do with some work in
general.  It's spread out around various places and often isn't in line
with practice, or even self-consistent - it variously suggests the
+debNuX scheme for NMUs for stable / testing, where it hasn't previously
been used, +codenameX for stable-sec and codenameX for t-p-u; the aim is
to unify all of those into a standard form.

In general one isn't concerned whether an upload to stable or t-p-u was
a maintainer upload or not; the purpose of the version number is largely
to indicate that the upload was made to a suite other than unstable /
experimental.

Regards,

Adam




Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Tue, 18 Sep 2012 10:45:10 GMT)

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 18 Sep 2012 10:45:10 GMT)

Message #56 received at 686174-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 686174-close@bugs.debian.org
Subject: Bug#686174: fixed in isc-dhcp 4.2.2.dfsg.1-5+deb70u1
Date: Tue, 18 Sep 2012 10:41:36 +0000
Source: isc-dhcp
Source-Version: 4.2.2.dfsg.1-5+deb70u1

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 686174@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Fri, 14 Sep 2012 00:26:44 -0400
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg
Architecture: source amd64
Version: 4.2.2.dfsg.1-5+deb70u1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 isc-dhcp-client - ISC DHCP client
 isc-dhcp-client-dbg - ISC DHCP client (debugging symbols)
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all the isc-dhcp* packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-relay-dbg - DHCP relay daemon (debugging symbols)
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (debug)
 isc-dhcp-server-ldap - DHCP server able to use LDAP as backend
Closes: 686174
Changes: 
 isc-dhcp (4.2.2.dfsg.1-5+deb70u1) testing-proposed-updates; urgency=high
 .
   * Correct multiple security issues (closes: #686174)
     - cve-2012-3570: buffer overflow via large hardware address lengths.
     - cve-2012-3571: denial-of-service via zero-length packets.
     - cve-2012-3954: two potential memory leaks.
     - cve-2012-3955: server abort due to certain lease time changes.
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 19 Oct 2012 07:27:31 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 03:05:03 2014; Machine Name: buxtehude.debian.org
