Your message dated Fri, 07 Oct 2022 15:19:18 +0000
with message-id <[email protected]>
and subject line Bug#1021320: fixed in isc-dhcp 4.4.3-2.1
has caused the Debian Bug report #1021320,
regarding isc-dhcp: CVE-2022-2928 CVE-2022-2929
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1021320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021320
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: isc-dhcp
Version: 4.4.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 4.4.1-2.3
Control: fixed -1 4.4.1-2.3+deb11u1

Hi,

The following vulnerabilities were published for isc-dhcp.

CVE-2022-2928[0]:
| An option refcount overflow exists in dhcpd

CVE-2022-2929[1]:
| DHCP memory leak

4.4.1-2.3+deb11u1 is uploaded to security-master and pending a DSA
release.

If needed I can try to contribute a NMU for unstable/bookworm.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2928
    https://www.cve.org/CVERecord?id=CVE-2022-2928
    https://kb.isc.org/docs/cve-2022-2928
[1] https://security-tracker.debian.org/tracker/CVE-2022-2929
    https://www.cve.org/CVERecord?id=CVE-2022-2929
    https://kb.isc.org/docs/cve-2022-2929
[2] https://lists.isc.org/pipermail/dhcp-announce/2022-October/000437.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: isc-dhcp
Source-Version: 4.4.3-2.1
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Oct 2022 22:20:47 +0200
Source: isc-dhcp
Architecture: source
Version: 4.4.3-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian ISC DHCP Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1021320
Changes:
 isc-dhcp (4.4.3-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * An option refcount overflow exists in dhcpd (CVE-2022-2928)
     (Closes: #1021320)
   * DHCP memory leak (CVE-2022-2929) (Closes: #1021320)
Checksums-Sha1: 
 3cdc9494e60d9ad7fe2df55c61a47b591089eb39 2693 isc-dhcp_4.4.3-2.1.dsc
 6c0a62f1d991157d82653f63c9b61560e745972f 97980 isc-dhcp_4.4.3-2.1.debian.tar.xz
Checksums-Sha256: 
 f0b6507bf361f57d4cc9694b65f7e05be561c9c861cb7fd8d7a5670db3ad921a 2693 isc-dhcp_4.4.3-2.1.dsc
 f26ddbe2c7b8268aefef6b341e268b65ab6a7326b678713a136515b23cd967fc 97980 isc-dhcp_4.4.3-2.1.debian.tar.xz
Files: 
 34553db2ffd2ab73000a0d46e4994026 2693 net important isc-dhcp_4.4.3-2.1.dsc
 3206c1f7510651f101ee301d3a28a339 97980 net important isc-dhcp_4.4.3-2.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
