Control: tags 989157 + patch
Control: tags 989157 + pending
Dear maintainer,

I've prepared an NMU for isc-dhcp (versioned as 4.4.1-2.3) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer (or even if you are fine with the NMU and want me to reschedule).

Regards,
Salvatore
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog --- isc-dhcp-4.4.1/debian/changelog 2020-08-06 04:08:47.000000000 +0200 +++ isc-dhcp-4.4.1/debian/changelog 2021-05-27 06:59:48.000000000 +0200 @@ -1,3 +1,12 @@ +isc-dhcp (4.4.1-2.3) unstable; urgency=high + + * Non-maintainer upload. + * A buffer overrun in lease file parsing code can be used to exploit a + common vulnerability shared by dhcpd and dhclient (CVE-2021-25217) + (Closes: #989157) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 27 May 2021 06:59:48 +0200 + isc-dhcp (4.4.1-2.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch --- isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 1970-01-01 01:00:00.000000000 +0100 +++ isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch 2021-05-27 06:59:48.000000000 +0200 
@@ -0,0 +1,29 @@ +Description: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient +Origin: vendor +Bug-Debian: https://bugs.debian.org/989157 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-25217 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2021-05-26 + +diff --git a/common/parse.c b/common/parse.c +index 386a6321..fc7b39c6 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max) + skip_to_semi (cfile); + return 0; + } +- convert_num (cfile, &buf [len], val, 16, 8); +- if (len++ > max) { ++ if (len >= max) { + parse_warn (cfile, + "hexadecimal constant too long."); + skip_to_semi (cfile); + return 0; + } ++ convert_num (cfile, &buf [len], val, 16, 8); ++ len++; + token = peek_token (&val, (unsigned *)0, cfile); + if (token == COLON) + token = next_token (&val, diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series --- isc-dhcp-4.4.1/debian/patches/series 2020-08-06 04:08:47.000000000 +0200 +++ isc-dhcp-4.4.1/debian/patches/series 2021-05-27 06:59:48.000000000 +0200 @@ -17,3 +17,5 @@ configure.patch Fixed_gcc_10_compilation_issues.patch + +4.4.2.CVE-2021-25217.patch
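Review bot: the DEP-3 header of 4.4.2.CVE-2021-25217.patch is internally inconsistent: "Origin: vendor" with "Author: Salvatore Bonaccorso" says the patch was written in Debian, yet "Forwarded: not-needed" and the 4.4.2 prefix in the file name indicate it is the fix already shipped upstream. If it is the upstream change, use "Origin: upstream, <commit or release URL>" (or "Origin: backport, ...") so future readers can verify the code against ISC's version. The parse.c hunk itself is sound: the old code called convert_num() into &buf[len] and only afterwards tested "len++ > max", so a hex string of exactly max or max+1 octets wrote past the end of buf before the length check fired; the new code tests "len >= max" first and only then writes and increments, which closes that window. One thing worth double-checking when backporting to 4.4.1 is that every caller of parse_X() passes the true size of buf as max, since the corrected check is only as good as that argument.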
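Review bot: the debian/patches/series hunk adds an empty line before "4.4.2.CVE-2021-25217.patch". quilt ignores blank lines, so this is harmless, but the rest of the series file lists patches contiguously; drop the extra "+" line so the entry matches the existing style and the hunk does not carry unnecessary whitespace change.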