Hi Pierre,

On Tue, Nov 18, 2014 at 03:58:45PM +0100, Pierre Schweitzer wrote:
> Package: dhcpcd5
> Severity: important
> Tags: security patch
>
> dhcpd5 is vulnerable to the CVE-2014-6060 which can cause a denial of service:
> https://security-tracker.debian.org/tracker/CVE-2014-6060
>
> Please find attached the debdiff & dsc for NMU upload which fixes the
> vulnerability in unstable.

(disclaimer: not the maintainer here).

Thank you for the debdiff. I have looked at it; the patch itself looks good. I have some small remarks, also in the light that an unblock for jessie might be wanted:

The changelog only says:

  * Fix CVE-2014-6060 in dhcpcd5

Could you (now that the bug number is known) please also add the Closes marker for the bug #770043?

Additionally, "Fix CVE-2014-6060 in dhcpcd5" will probably not make the release team too happy when requesting the unblock for jessie ;-). I would at least add that it fixes a denial of service vulnerability. See [1] for the freeze policy.

For the patch itself, a suggestion: could you add more patch headers, e.g. as per DEP3 [2]?

I would happily sponsor the upload then if still required (uploading to a delayed queue, just in case we hear from Roy).

 [1] https://release.debian.org/jessie/freeze_policy.html
 [2] http://dep.debian.net/deps/dep3/

Regards,
Salvatore