Accepted pump 0.8.24-7+deb8u1 (source amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 02 Sep 2019 14:32:57 +0100
Source: pump
Binary: pump
Architecture: source amd64
Version: 0.8.24-7+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Philippe Coval <rzr@gna.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
pump - BOOTP and DHCP client for automatic IP configuration
Closes: 933674
Changes:
pump (0.8.24-7+deb8u1) jessie-security; urgency=high
.
* Fix an arbitrary code execution vulnerability. When copying the body of the
server response, the ethernet packet length could be forged leading to
being able to overwrite up to "ETH_FRAME_LEN - sizeof(*ipHdr) -
sizeof(*udpHdr) - sizeof(*bresp)" bytes of stack memory. Thanks to
<ltspro2@secmail.pro> for the report and patch. (Closes: #933674)
Checksums-Sha1:
8feb34ad236f89c542c3867c89cdc43f6168f6e9 1766 pump_0.8.24-7+deb8u1.dsc
e4b5f39419f9f2f0f88ef53ce0647dab40d35058 79790 pump_0.8.24.orig.tar.gz
1fde4886f4f2b19f2388740ccbea7d1c862a5820 30197 pump_0.8.24-7+deb8u1.diff.gz
62bb95ddc885a05b1c62d93bfea1206290d4af0b 32170 pump_0.8.24-7+deb8u1_amd64.deb
Checksums-Sha256:
a0148c4ac778af1c6db0ff4396f2786a57e6e7d3ea95e1c2b3be6eefcb2ab9dc 1766 pump_0.8.24-7+deb8u1.dsc
cbb423942a4295a07a23b76a02d645b76b4ac0b58c3a30076ad42c2ab80c2dba 79790 pump_0.8.24.orig.tar.gz
1d0918eb62d0feca9574476f721133ea3eec47a445ef92811395e11d3bb81f80 30197 pump_0.8.24-7+deb8u1.diff.gz
3a47cc18e33d6e0eda127d70dec27ee06b396f5eb5580883c88d7a1d02ad3f1c 32170 pump_0.8.24-7+deb8u1_amd64.deb
Files:
c8260c93e2514a366eeda07dcb5b3203 1766 admin optional pump_0.8.24-7+deb8u1.dsc
866fc9f62b8161eb1514a6a06597edc9 79790 admin optional pump_0.8.24.orig.tar.gz
29a344a594c628bcec427c597d844e84 30197 admin optional pump_0.8.24-7+deb8u1.diff.gz
509be39ed7fce1924d565843040cbaab 32170 admin optional pump_0.8.24-7+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl1tHEQACgkQHpU+J9Qx
HlgTAhAAuWhJUMWaKvYYjXjlPPjQifPFjsyIwhBu2wRu/DVMnwbZX+DSlKjbhwx2
zvWubPd402lVccyx7WmSFNl1pmuyXUeVuB1FNk/yaZfqElUhiPMZncx6srctR13+
LeEMZs6bzO1gVL76GUKD8H9qqHvpO/J5XPKGjftdfPv0EAN9mRtKe/8ROREyJcpM
hY6YeFSpTOfFTDZGFpzsaFXIn11YwQcUYy2IgD76nxvzw67PMj11Kw1FBUcRmz/Z
XklLh4bxvjiZKklo+iWWW3R3j42+namMb7SmQYuUoTqzYKfUVD0Lo2G+BGdvoMSW
f5wqQAMdbYt3TyO7A1Ii9U9uI84fANSvsRIhU6WA7Dp5MaAd3PybW12vpA76Rpoi
BMX4TTtqVLC53F9jfYdnSmG5cJrhbARjcqLbCv/tACP/CSMgqlIwBOGbJmgrXdzt
axjlKLjwkvCW/14HNTE5nHJTN1Z3Q/GO+X8xO3D27wa6291yMD3nSdG5NLpsOJCR
i5UzRhZQQbvE5H0rjwfK/wcXbTO8rcFrVvaenaW41yEO5sx7NSVcw3hZDQrQwLPL
Qgbn09zJbIJsgf5lAt9W67Ug4tWjbXm9z236jqBY/1wiS5+dXFimc/JxEwydxmzv
EuTSAyns3zWe9GRW1md45E2MQz+y+sKArnY2D6MEht3W3uziZb0=
=v/NJ
-----END PGP SIGNATURE-----