Version in base suite: 3.0.4-13
Version in overlay suite: (not present)

Base version: dhcp3_3.0.4-13
Target version: dhcp3_3.0.4-13+etch2
Base file: /org/ftp.debian.org/ftp/pool/main/d/dhcp3/dhcp3_3.0.4-13.dsc
Target file: /org/ftp.debian.org/queue/o-p-u-new/dhcp3_3.0.4-13+etch2.dsc

 debian/patches/netmask-overflow.dpatch      |   22 ++++++++++++++++++++++
 debian/patches/server-clientid-crash.dpatch |   19 +++++++++++++++++++
 dhcp3-3.0.4/debian/changelog                |   15 +++++++++++++++
 dhcp3-3.0.4/debian/patches/00list           |    2 ++
 4 files changed, 58 insertions(+)

diff -u dhcp3-3.0.4/debian/patches/00list dhcp3-3.0.4/debian/patches/00list
--- dhcp3-3.0.4/debian/patches/00list
+++ dhcp3-3.0.4/debian/patches/00list
@@ -20,0 +21,2 @@
+netmask-overflow.dpatch
+server-clientid-crash.dpatch
diff -u dhcp3-3.0.4/debian/changelog dhcp3-3.0.4/debian/changelog
--- dhcp3-3.0.4/debian/changelog
+++ dhcp3-3.0.4/debian/changelog
@@ -1,3 +1,18 @@
+dhcp3 (3.0.4-13+etch2) oldstable-security; urgency=high
+
+  * Add patch from Sebastian Kramer to fix client overflow in netmask
+    handling.
+  * Add patch from Christoph Biedl to fix server assert involving client
+    IDs and hardware addresses (CVE-2009-1892).
+
+ -- Florian Weimer <fw@deneb.enyo.de>  Sun, 12 Jul 2009 22:00:27 +0200
+
+dhcp3 (3.0.4-13+etch1) oldstable-security; urgency=low
+
+  (not released)
+
+ -- Florian Weimer <fw@deneb.enyo.de>  Wed, 08 Jul 2009 21:35:16 +0200
+
 dhcp3 (3.0.4-13) unstable; urgency=low
 
   * Added Portuguese debconf template translation (closes: #389507)
only in patch2:
unchanged:
--- dhcp3-3.0.4.orig/debian/patches/server-clientid-crash.dpatch
+++ dhcp3-3.0.4/debian/patches/server-clientid-crash.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## server-clientid-crash.dpatch by Christoh Biedl <debian.packages.hhqj@manchmal.in-ulm.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Server assert involving client IDs (CVE-2009-1892)
+
+@DPATCH@
+diff -urNad git~/server/dhcp.c git/server/dhcp.c
+--- git~/server/dhcp.c	2009-07-12 21:58:07.000000000 +0200
++++ git/server/dhcp.c	2009-07-12 21:59:02.000000000 +0200
+@@ -1784,6 +1784,8 @@
+ 				host_reference (&host, h, MDL);
+ 		}
+ 		if (!host) {
++			if (hp)
++				host_dereference (&hp, MDL);
+ 			find_hosts_by_haddr (&hp,
+ 					     packet -> raw -> htype,
+ 					     packet -> raw -> chaddr,
only in patch2:
unchanged:
--- dhcp3-3.0.4.orig/debian/patches/netmask-overflow.dpatch
+++ dhcp3-3.0.4/debian/patches/netmask-overflow.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## netmask-overflow.dpatch by Sebastian Kramer <krahmer@suse.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Client overflow in netmask handling
+
+@DPATCH@
+diff -urNad git~/client/dhclient.c git/client/dhclient.c
+--- git~/client/dhclient.c	2009-07-08 20:49:22.000000000 +0200
++++ git/client/dhclient.c	2009-07-08 20:53:58.000000000 +0200
+@@ -2544,8 +2544,9 @@
+ 					 (struct option_state *)0,
+ 					 lease -> options,
+ 					 &global_scope, oc, MDL)) {
+-		if (data.len > 3) {
+-			struct iaddr netmask, subnet, broadcast;
++		struct iaddr netmask;
++		if (data.len > 3 && data.len <= sizeof(netmask.iabuf)) {
++			struct iaddr subnet, broadcast;
+ 
+ 			memcpy (netmask.iabuf, data.data, data.len);
+ 			netmask.len = data.len;