Package : isc-dhcp Version : 4.1.1-P1-15+squeeze10 CVE ID : CVE-2015-8605 Debian Bug : #810875 With the previous upload of the isc-dhcp package to Debian Squeeze LTS two issues got introduced into LTS that are resolved by this upload. (1) CVE-2015-8605 had only been resolved for the LDAP variant of the DHCP server package built from the isc-dhcp source package. With upload of version 4.1.1-P1-15+squeeze10, now all DHCP server variants (LDAP and non-LDAP alike) include the fix for CVE-2015-8605. Thanks to Ben Hutchings for spotting this inaccuracy. (2) The amd64 binary build of the previously uploaded isc-dhcp version (4.1.1-P1-15+squeeze9) was flawed and searched for the dhcpd.conf configuration file at the wrong location [1,2,3]. This flaw in the amd64 build had been caused by a not-100%-pure-squeeze-lts build system on the maintainer's end. The amd64 build of version 4.1.1-P1-15+squeeze10 has been redone in a brand-new build environment and does not show the reported symptom(s) anymore. I deeply apologize for the experienced inconvenience to all who encountered this issue. [1] https://bugs.debian.org/811097 [2] https://bugs.debian.org/811397 [3] https://bugs.debian.org/811402 -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net
Attachment:
signature.asc
Description: Digital signature