CVS commit: [pkgsrc-2012Q2] pkgsrc/net/isc-dhcp4

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2012Q2] pkgsrc/net/isc-dhcp4
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Wed, 25 Jul 2012 05:44:06 +0000

Module Name:    pkgsrc
Committed By:   spz
Date:           Wed Jul 25 05:44:06 UTC 2012

Modified Files:
        pkgsrc/net/isc-dhcp4 [pkgsrc-2012Q2]: Makefile.common distinfo
        pkgsrc/net/isc-dhcp4/patches [pkgsrc-2012Q2]:
            patch-includes_Makefile.in

Log Message:
Pullup ticket #3869 - requested by taca
net/isc-dhcp4: security update

Revisions pulled up:
- net/isc-dhcp4/Makefile.common                                 1.16
- net/isc-dhcp4/distinfo                                        1.12
- net/isc-dhcp4/patches/patch-includes_Makefile.in              1.2

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed Jul 25 00:56:53 UTC 2012

   Modified Files:
        pkgsrc/net/isc-dhcp4: Makefile.common distinfo
        pkgsrc/net/isc-dhcp4/patches: patch-includes_Makefile.in

   Log Message:
   Update isc-dhcp4 package to 4.2.4p1 (ISC DHCP 4.2.4-P1).
   Fixes security problems.

                        Changes since 4.2.4

   ! Previously the server code was relaxed to allow packets with zero
     length client ids to be processed.  Under some situations use of
     zero length client ids can cause the server to go into an infinite
     loop.  As such ids are not valid according to RFC 2132 section 9.14
     the server no longer accepts them.  Client ids with a length of 1
     are also invalid but the server still accepts them in order to
     minimize disruption.  The restriction will likely be tightened in
     the future to disallow ids with a length of 1.
     Thanks to Markus Hietava of Codenomicon CROSS project for the
     finding this issue and CERT-FI for vulnerability coordination.
     [ISC-Bugs #29851]
     CVE: CVE-2012-3571

   ! When attempting to convert a DUID from a client id option
     into a hardware address handle unexpected client ids properly.
     Thanks to Markus Hietava of Codenomicon CROSS project for the
     finding this issue and CERT-FI for vulnerability coordination.
     [ISC-Bugs #29852]
     CVE: CVE-2012-3570

   ! A pair of memory leaks were found and fixed.  Thanks to
     Glen Eustace of Massey University, New Zealand for finding
     this issue.
     [ISC-Bugs #30024]
     CVE: CVE-2012-3954

   To generate a diff of this commit:
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/isc-dhcp4/Makefile.common
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/isc-dhcp4/distinfo
   cvs rdiff -u -r1.1 -r1.2 \
       pkgsrc/net/isc-dhcp4/patches/patch-includes_Makefile.in


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.15.2.1 pkgsrc/net/isc-dhcp4/Makefile.common
cvs rdiff -u -r1.11 -r1.11.2.1 pkgsrc/net/isc-dhcp4/distinfo
cvs rdiff -u -r1.1 -r1.1.12.1 \
    pkgsrc/net/isc-dhcp4/patches/patch-includes_Makefile.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/www/p5-HTML-Tree
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/www/p5-HTML-Tree
Indexes:

Home | Main Index | Thread Index | Old Index