48224 – Maintainer update: isc-dhcp3 (debian security fix)

Bug 48224 - Maintainer update: isc-dhcp3 (debian security fix)

Summary: Maintainer update: isc-dhcp3 (debian security fix)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-02-13 02:30 UTC by Cyrille Lefevre
Modified:	2003-02-13 02:50 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (983 bytes, patch) 2003-02-13 02:30 UTC, Cyrille Lefevre	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Cyrille Lefevre 2003-02-13 02:30:11 UTC

On Wed, Feb 05, 2003 at 02:10:37PM +0000, Jacques A. Vidrine via RT wrote:
> 
> 
> Wed Feb  5 14:10:36 2003: Request 227 was acted upon.
> Transaction: Ticket created by nectar
>        Queue: ports
>      Subject: VU#149953 - ports/net/isc-dhcp3
>        Owner: Nobody
>   Requestors: nectar@FreeBSD.org
>       Status: new
>  Ticket <URL: https://so.celabo.org/Ticket/Display.html?id=227 >
> -------------------------------------------------------------------------
> dhcrelay can be abused to launch a denial-of-service attack against a
> DHCP server.
> 
> Debian's "fix" was to add an option to dhcrelay that allows one to
> specify a maximum hop count that is less than the default (255).
> <URL: http://www.debian.org/security/2003/dsa-245 >
> <URL: http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.2.diff.gz >
> 
> There is no official word from ISC at this point.
> 
> ----- Forwarded message from CERT Coordination Center <cert@cert.org> -----
> 
> Date: Tue, 4 Feb 2003 13:03:45 -0500
> From: "CERT Coordination Center" <cert@cert.org>
> To: "FreeBSD Security" <security-officer@freebsd.org>
> Cc: "CERT Coordination Center" <cert@cert.org>
> Subject: VU#149953 - freebsd
> Message-Id: <200302041803.h14I3jb11740@holmes.blue.cert.org>
> Organization: CERT(r) Coordination Center
> 
> 
> Hello,
> 
> This message is being sent to multiple vendors. If you have not
> provided us a statement for the following issue, we would appreciate
> it if you could do so at your convenience.
> 
> <http://www.kb.cert.org/vuls/id/149953>
> 
> As always, thanks for your time and consideration.
> 
> Regards,
> Ian
> 
> Ian A. Finlay
> CERT (R) Coordination Center
> Software Engineering Institute
> Carnegie Mellon University
> Pittsburgh, PA  USA  15213-3890
> ----- End forwarded message -----

How-To-Repeat: 	n/a

Comment 1 Jacques Vidrine freebsd_committer

2003-02-13 02:43:05 UTC

State Changed
From-To: open->closed

Committed.  New package version is `isc-dhcp3-3.0.1.r11_1'. 
ports/net/isc-dhcp3/Makefile revision 1.85 
ports/net/isc-dhcp3/distinfo revision 1.43 

Thank you very much!

Comment 2 Cyrille Lefevre 2003-02-13 02:43:05 UTC

please, add the following line after PORTVERSION :

PORTREVISION=	1

thanks.

Cyrille.
-- 
Cyrille Lefevre                 mailto:cyrille.lefevre@laposte.net