Your message dated Mon, 05 Mar 2018 05:52:39 +0000
with message-id <e1esj39-0009qd...@fasolo.debian.org>
and subject line Bug#891786: fixed in isc-dhcp 4.3.5-3.1
has caused the Debian Bug report #891786,
regarding isc-dhcp: CVE-2018-5732: A specially constructed response from a
malicious server can cause a buffer overflow in dhclient
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
891786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891786
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: isc-dhcp
Version: 4.3.1-6
Severity: important
Tags: security upstream
Hi,

the following vulnerability was published for isc-dhcp.

CVE-2018-5732[0]:
|A specially constructed response from a malicious server can cause a
|buffer overflow in dhclient

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732
[1] https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: isc-dhcp
Source-Version: 4.3.5-3.1
We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated isc-dhcp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 04 Mar 2018 21:35:31 +0100
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev
isc-dhcp-client isc-dhcp-client-ddns isc-dhcp-client-udeb isc-dhcp-relay
Architecture: source
Version: 4.3.5-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 887413 891785 891786
Description:
isc-dhcp-client - DHCP client for automatically obtaining an IP address
isc-dhcp-client-ddns - Dynamic DNS (DDNS) enabled DHCP client
isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
isc-dhcp-common - common manpages relevant to all of the isc-dhcp packages
isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
isc-dhcp-relay - ISC DHCP relay daemon
isc-dhcp-server - ISC DHCP server for automatic IP address assignment
isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend
Changes:
isc-dhcp (4.3.5-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
* Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
* Correct buffer overrun in pretty_print_option (CVE-2018-5732)
(Closes: #891786)
Checksums-Sha1:
ecb8124333b531ec319084cc951d491bffa8ea71 2738 isc-dhcp_4.3.5-3.1.dsc
d72f63506b3d72cfb6ff63cb72005ad1dc0cb294 88780 isc-dhcp_4.3.5-3.1.debian.tar.xz
Checksums-Sha256:
4a22b4f74323bbaab93ae9575b4cc1b23caa9a62a192cd9842369be76fe8459d 2738 isc-dhcp_4.3.5-3.1.dsc
253edf711a9aa5bdc00a9ab8920acf337cedd64f3e7566c46a8e307835dfc6d8 88780 isc-dhcp_4.3.5-3.1.debian.tar.xz
Files:
749107e35764de87138113db0bc3a4d9 2738 net important isc-dhcp_4.3.5-3.1.dsc
94f0336ee332d7c91711772eef390bf8 88780 net important isc-dhcp_4.3.5-3.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---