Control: tags -1 + moreinfo On Wed, 2018-10-31 at 08:08 +0100, Michael Biebl wrote: > I'd like to make a stable upload for network-manager, addressing > CVE-2018-15688 [1]. > NetworkManager ships an internal copy of sd-network, which is used by > the dhcp=internal plugin. This plugin is used as fallback if > isc-dhcp-client is not installed or configured explicitly. > Both cases are rather uncommon which is why the security team agreed > that this is sufficient to be fixed via a regular stable upload and > doesn't require a stable-security upload. > > Upstream has committed the fix to the nm-1-6 branch and included > various smaller fixes while at it [2]. > > Strictly speaking, only [3] should be necessary to address the CVE, > but upstream recommends to pull the whole branch, which is what I > did.
>From a quick look I'd be OK with that, but it seems like the additional changes should be mentioned somehow in the changelog. Regards, Adam
