[ubuntu/vivid-proposed] ppp 2.4.6-3.1ubuntu1 (Accepted)
Scott Kitterman
scott at kitterman.com
Thu Apr 16 14:43:10 UTC 2015
ppp (2.4.6-3.1ubuntu1) vivid; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
module if needed.
- add EAP-TLS/MPPE support patch from Jan Just Keijser.
- debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
* debian/patches/ppp-2.4.5-eaptls-mppe-0.994.patch,
debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: updated the EAP-TLS/MPPE
support patch to the latest version from its upstream (also refreshed it).
* debian/ppp.preinst: deal with the change in LSB headers start runlevels
of pppd-dns due to dropping our changes (which are no longer necessary
since resolvconf is installed in most systems and has been for a while);
this should probably be kept until the next LTS.
ppp (2.4.6-3.1) unstable; urgency=high
* Non-maintainer upload.
* Urgency high due to fix for DoS vulnerability.
* Fix buffer overflow in rc_mksid().
The function converts the PID of pppd to hex to generate a pseudo-unique
string. If the process id is bigger than 65535 (FFFF), its hex
representation will be longer than 4 characters, resulting in a buffer
overflow. This bug can be exploited to cause a remote DoS.
(Closes: #782450)
Date: Thu, 16 Apr 2015 09:07:29 -0400
Changed-By: Scott Kitterman <scott at kitterman.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ppp/2.4.6-3.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 16 Apr 2015 09:07:29 -0400
Source: ppp
Binary: ppp ppp-udeb ppp-dev
Architecture: source
Version: 2.4.6-3.1ubuntu1
Distribution: vivid
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Scott Kitterman <scott at kitterman.com>
Description:
ppp - Point-to-Point Protocol (PPP) - daemon
ppp-dev - Point-to-Point Protocol (PPP) - development files
ppp-udeb - Point-to-Point Protocol (PPP) - package for Debian Installer (udeb)
Closes: 782450
Changes:
ppp (2.4.6-3.1ubuntu1) vivid; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
module if needed.
- add EAP-TLS/MPPE support patch from Jan Just Keijser.
- debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
* debian/patches/ppp-2.4.5-eaptls-mppe-0.994.patch,
debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: updated the EAP-TLS/MPPE
support patch to the latest version from its upstream (also refreshed it).
* debian/ppp.preinst: deal with the change in LSB headers start runlevels
of pppd-dns due to dropping our changes (which are no longer necessary
since resolvconf is installed in most systems and has been for a while);
this should probably be kept until the next LTS.
.
ppp (2.4.6-3.1) unstable; urgency=high
.
* Non-maintainer upload.
* Urgency high due to fix for DoS vulnerability.
* Fix buffer overflow in rc_mksid().
The function converts the PID of pppd to hex to generate a pseudo-unique
string. If the process id is bigger than 65535 (FFFF), its hex
representation will be longer than 4 characters, resulting in a buffer
overflow. This bug can be exploited to cause a remote DoS.
(Closes: #782450)
Checksums-Sha1:
ea19612f136a96228787efd880e5c7d5b9febca9 2079 ppp_2.4.6-3.1ubuntu1.dsc
60dcbfbfc0d732763ac35b012deb484db734e1ce 138818 ppp_2.4.6-3.1ubuntu1.debian.tar.gz
Checksums-Sha256:
e2fedba09563168dd5e964483c1e4d29e15ba8307ebda7175c6e7abfb902e27f 2079 ppp_2.4.6-3.1ubuntu1.dsc
3f9fc31e021545a3efceff0f8ec7159565c143f63b4844d01cb16a3310a40f75 138818 ppp_2.4.6-3.1ubuntu1.debian.tar.gz
Files:
bb9a9930b30b14bd15b25d2387477bff 2079 admin optional ppp_2.4.6-3.1ubuntu1.dsc
1c4ead774adf1dbe0e6aa9d407407f9f 138818 admin optional ppp_2.4.6-3.1ubuntu1.debian.tar.gz
Original-Maintainer: Marco d'Itri <md at linux.it>
More information about the Vivid-changes
mailing list