Date: Thu, 13 Feb 2003 03:20:33 +0100 (CET) From: Cyrille Lefevre <cyrille.lefevre@laposte.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: "Jacques A. Vidrine" <nectar@FreeBSD.org> Subject: ports/48224: Maintainer update: isc-dhcp3 (debian security fix) Message-ID: <200302130220.h1D2KXMn058425@mail.gits.dyndns.org>
next in thread | raw e-mail | index | archive | help
>Number: 48224 >Category: ports >Synopsis: Maintainer update: isc-dhcp3 (debian security fix) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Feb 12 18:30:11 PST 2003 >Closed-Date: >Last-Modified: >Originator: Cyrille Lefevre >Release: FreeBSD 4.7-STABLE i386 >Organization: ACME >Environment: System: FreeBSD gits 4.7-STABLE FreeBSD 4.7-STABLE #32: Thu Jan 23 00:09:17 CET 2003 root@gits:/disk2/freebsd/stable/src/sys/compile/CUSTOM i386 >Description: On Wed, Feb 05, 2003 at 02:10:37PM +0000, Jacques A. Vidrine via RT wrote: > > > Wed Feb 5 14:10:36 2003: Request 227 was acted upon. > Transaction: Ticket created by nectar > Queue: ports > Subject: VU#149953 - ports/net/isc-dhcp3 > Owner: Nobody > Requestors: nectar@FreeBSD.org > Status: new > Ticket <URL: https://so.celabo.org/Ticket/Display.html?id=227 > > ------------------------------------------------------------------------- > dhcrelay can be abused to launch a denial-of-service attack against a > DHCP server. > > Debian's "fix" was to add an option to dhcrelay that allows one to > specify a maximum hop count that is less than the default (255). > <URL: http://www.debian.org/security/2003/dsa-245 > > <URL: http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.2.diff.gz > > > There is no official word from ISC at this point. > > ----- Forwarded message from CERT Coordination Center <cert@cert.org> ----- > > Date: Tue, 4 Feb 2003 13:03:45 -0500 > From: "CERT Coordination Center" <cert@cert.org> > To: "FreeBSD Security" <security-officer@freebsd.org> > Cc: "CERT Coordination Center" <cert@cert.org> > Subject: VU#149953 - freebsd > Message-Id: <200302041803.h14I3jb11740@holmes.blue.cert.org> > Organization: CERT(r) Coordination Center > > > Hello, > > This message is being sent to multiple vendors. If you have not > provided us a statement for the following issue, we would appreciate > it if you could do so at your convenience. > > <http://www.kb.cert.org/vuls/id/149953> > > As always, thanks for your time and consideration. > > Regards, > Ian > > Ian A. Finlay > CERT (R) Coordination Center > Software Engineering Institute > Carnegie Mellon University > Pittsburgh, PA USA 15213-3890 > ----- End forwarded message ----- >How-To-Repeat: n/a >Fix: Index: Makefile =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3/Makefile,v retrieving revision 1.84 diff -u -r1.84 Makefile --- Makefile 16 Jan 2003 04:15:15 -0000 1.84 +++ Makefile 13 Feb 2003 02:10:36 -0000 @@ -14,6 +14,9 @@ PKGNAMEPREFIX= isc- PKGNAMESUFFIX= 3 DISTNAME= ${PORTNAME}-${RELEASE}${VERSION}${PATCHLEVEL} +PATCH_SITES= http://security.debian.org/pool/updates/main/d/dhcp3/ +PATCHFILES= dhcp3_3.0+3.0.1rc9-2.2.diff.gz +PATCH_DIST_STRIP=-p1 MAINTAINER= cyrille.lefevre@laposte.net Index: distinfo =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3/distinfo,v retrieving revision 1.43 diff -u -r1.43 distinfo --- distinfo 16 Jan 2003 04:15:15 -0000 1.43 +++ distinfo 13 Feb 2003 02:03:52 -0000 @@ -1 +1,2 @@ MD5 (dhcp-3.0.1rc11.tar.gz) = af79b0453ac67fb6824247d3d48fff91 +MD5 (dhcp3_3.0+3.0.1rc9-2.2.diff.gz) = 9d555df929ea70ef2b36f7455298a79f >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302130220.h1D2KXMn058425>