On Tue, Apr 16, 2013 at 8:08 AM, Adam D. Barratt wrote: > user release.debian....@packages.debian.org > usertags 704566 = pu > tags 704566 = wheezy > retitle 704566 pu: isc-dhcp/4.2.2.dfsg.1-5+deb70u4 > tags 704426 + wheezy-ignore > usertags 704426 + wheezy-can-defer > thanks > > > On 13.04.2013 17:28, Cyril Brulebois wrote: >> >> Adam D. Barratt <a...@adam-barratt.org.uk> (13/04/2013): >>> >>> Thanks. I'd be happy to unblock that version, but it'll need a d-i ack >>> >>> if it's to get in to wheezy. I'm not sure how feasible getting any more >>> changes is on that side right now, but let's see... >> >> >> Advisory says: >> | libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to >> | cause a denial of service (memory consumption) via vectors involving a >> | regular expression, as demonstrated by a memory-exhaustion attack >> | against a machine running a dhcpd process, a related issue to >> | CVE-2013-2266. >> >> I'd rather avoid taking chances at this very late stage. Before rc2 >> would have been doable, but now… not so much. > > > In which case, let's look at this again after the release?
It's now after. How would you like me to approach this? Do I need to do a new upload to spu? If so, should the version be +deb70u5 or +deb70u6? It looks like the tpu didn't get automatically moved over to spu [0]? Best wishes, Mike [0] http://packages.qa.debian.org/i/isc-dhcp.html -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=MPLznqnQb8EnK3V0g2nL4Ao3kOG+Q0DW==t0nbt+to...@mail.gmail.com
