
Re: ISC DHCP 3.0p1 and 3.0.1RC9 now available (fwd)



On Wed, May 08, 2002 at 04:52:52PM -0400, Eloy A. Paris wrote:

> We need to get this into Woody. Do you know how to do that? We can just
> apply to rc8 the patch that fixes the problem. But since Woody is now
> released (or almost released) then perhaps the Security Team needs to get
> involved? Oh, but you are part of the Security Team! Well, that's cool:
> you are maintainer of the package with the hole and also part of the
> security team. I guess you know what we should do... :-)

Since woody is not released yet, there will probably not be an advisory, or
other security team activity (they deal with stable).  The thing that we
need to do is to email AJ and ask that this package be accepted into woody.
Having an open RC bug with the 'woody' tag would probably be appropriate
also.

I am not clear as to whether we should make an upload to
woody-proposed-updates or not, since the version is the same as unstable.
We may have to backport the patch to rc8, since (based on a quick diffstat
and the release notes) there seem to be significant changes in rc9 that are
not related to the security fix.  Nothing major, but I don't know what the
release policy is these days.

                        Changes since 3.0.1rc8

- Fix a format string vulnerability in the server that could lead to a
  remote root compromise (discovered by NGSEC Research Team, www.ngsec.com).

- Add additional support for NetBSD/sparc64.

- Fix a bug in the command-line parsing of the client.  Also, resolve
  a memory leak.

- Add better support for shells other than bash in the Linux client
  script.

- Various build fixes for modern versions of FreeBSD and Linux.

- Fix a bad bounds check when printing binding state names.

- Clarify documentation about fixed-address and multiple addresses.

- Fix a typo in the authoritative error message.

- Make a log entry when we can't write a billing class.

- Use conversion targets that are the right size on all architectures.

- Increment the hop count when relaying.

- Log a message when lease state is changed through OMAPI.

- Don't rerun the shared_network when evaluating the pool.

- Fix a reversed test in the parser.

- Change the type of rbuf_max.

- Make FTS_LAST a manifest constant to quiet warnings.

-- 
 - mdz

