Your message dated Wed, 26 Sep 2018 13:19:23 +0000
with message-id <[email protected]>
and subject line Bug#846938: fixed in dhcpcd5 7.0.8-0.1
has caused the Debian Bug report #846938,
regarding dhcpcd5: CVE-2014-7913
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
846938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846938
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dhcpcd5
Version: 6.0.5-2
Severity: important
Tags: security upstream patch
Control: found -1 6.10.1-1
Hi,
the following vulnerability was published for dhcpcd5.
CVE-2014-7913[0]:
| The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as
| used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products,
| misinterprets the return value of the snprintf function, which allows
| remote DHCP servers to execute arbitrary code or cause a denial of
| service (memory corruption) via a crafted message.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-7913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7913
[1] http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dhcpcd5
Source-Version: 7.0.8-0.1
We believe that the bug you reported is fixed in the latest version of
dhcpcd5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <[email protected]> (supplier of updated dhcpcd5
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 26 Sep 2018 10:03:43 +0200
Source: dhcpcd5
Binary: dhcpcd5
Architecture: source
Version: 7.0.8-0.1
Distribution: unstable
Urgency: medium
Maintainer: Jose dos Santos Junior <[email protected]>
Changed-By: Gianfranco Costamagna <[email protected]>
Description:
dhcpcd5 - DHCPv4, IPv6RA and DHCPv6 client with IPv4LL support
Closes: 846938
Changes:
dhcpcd5 (7.0.8-0.1) unstable; urgency=medium
.
[ Gianfranco Costamagna ]
* New upstream release.
* Non-maintainer upload.
- Closes: #846938
* Switch control/copyright files in secure mode
.
[ Julien Lavergne ]
* New upstream release.
* debian/control:
- Add lsb-base (>= 3.0-6) on depends, for the init script.
* debian/patches:
- Disable, merged upstream.
* debian/copyright:
- Update copyright.
Checksums-Sha1:
24826e8671fd3d2ae2bad9550f3bf0dae9996b35 1721 dhcpcd5_7.0.8-0.1.dsc
39445fac21200463ca5a08a261408c6abb9a263a 210752 dhcpcd5_7.0.8.orig.tar.xz
e68d55878db5d701b2bef69e1f2f1c312f692dbf 5676 dhcpcd5_7.0.8-0.1.debian.tar.xz
98ebfa05bded8280a87bfd2e5bc0da378a493af3 6119
dhcpcd5_7.0.8-0.1_source.buildinfo
Checksums-Sha256:
c38d6be5bc6297bfac95ea826181412ccb7b393022f33a30f28d3d6938fc4ccc 1721
dhcpcd5_7.0.8-0.1.dsc
96968e883369ab4afd11eba9dfd9bb109f5dfff65b2814ce6c432f36362dc9b5 210752
dhcpcd5_7.0.8.orig.tar.xz
1281394e7683a837b1ffc50ec3e15bf48c93c8df96e9ea3cfab91e3007459651 5676
dhcpcd5_7.0.8-0.1.debian.tar.xz
3a8de3df80a852900b8876c5d19d545e15483ef3ca7cfd8a291268615cfd86db 6119
dhcpcd5_7.0.8-0.1_source.buildinfo
Files:
65dff75911eb8293c503a3352ee66287 1721 net optional dhcpcd5_7.0.8-0.1.dsc
77bbb1d73b6f30d6ddcc8b0fd3eae266 210752 net optional dhcpcd5_7.0.8.orig.tar.xz
6bc1bb8c2cf33624786fd2021cc30f0c 5676 net optional
dhcpcd5_7.0.8-0.1.debian.tar.xz
63e40189433d32b1e39edc6e23beb8f9 6119 net optional
dhcpcd5_7.0.8-0.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAlurgpoACgkQ808JdE6f
XdmuuhAApX8gssB+8RgDEKGRSoFNDTSri4bnitxQB9XFb0QCLCVi6gSwsEhXhO7e
ZBSbOJg9HCOpycotn1AzYSLD4dWAVApbUDj/vtzqMhXfV6j77IDYjFIFhwyeop3s
UWWxOZ5ZR3R8PY2UObzysGX75Twpwgns4pgxxKTT0FNXDMZ5qa/9xBPTJP8A+6mm
LJHL/7WW0KecMdypt7KjuGQaC6Sb4p+lLIPUaYV2QiEM+hkZu0Wyc8uLxNhW72Ow
hvJzsOsU4H666+2g1afki8KZbJ7zXqN1tr6A/EVprDG3aWlzouT16Oca82nrVUCA
t+Bu0taZpBkchYTiRAAl6lVFhYP+AZLrzvLTrENunbhU9jXuWV0tVTAmpIKXJsr3
reS7CmczTw2EKG99GowcyjUKMg3ERAp/c4H3QmVtwJr3bQlcLs8VBClHNOAcMQry
vv3rMJjOLk5ZvIf1Ry3ZqeTrXQISDIpKYFRm1YIVnplNHOa9KX0AfeQjpQhzEroc
yGbA209w+2KhfxsciCWphr9zbBMv/csGvKsep12l6GUBi7JEtTKOWaalAntyiJqZ
jn6xOXAA6SDB2tqSgN03TMIgrVLXktfZDkw4mjjorlQS23k6VyX3d60vEHnkDSFs
iRF/HM3SAvfHqCEwM/PaBII16S17vPNBrLTicQu37xarfxR3xvI=
=zazI
-----END PGP SIGNATURE-----
--- End Message ---
