Comment 2 for bug 2043434

OpenStack Infra (hudson-openstack) wrote : Fix merged to integ (master)

Reviewed: https://review.opendev.org/c/starlingx/integ/+/900850
Committed: https://opendev.org/starlingx/integ/commit/dcb205850c8e1abf3e7eba72191d34b3941596c9
Submitter: "Zuul (22348)"
Branch: master

commit dcb205850c8e1abf3e7eba72191d34b3941596c9
Author: Zhixiong Chi <email address hidden>
Date: Mon Nov 13 18:15:57 2023 -0800

    isc-dhcp: fix CVE-2022-2929

    Backport the source patch from the version 4.4.1-2.3+deb11u2.
    [https://sources.debian.org/src/isc-dhcp/4.4.1-2.3+deb11u2/debian/patches/CVE-2022-2929.patch]

    Refer to:
    https://security-tracker.debian.org/tracker/DSA-5251-1
    It refers to two issues, CVE-2022-2928 and CVE-2022-2929.
    CVE-2022-2928 has been fixed in
    [https://review.opendev.org/c/starlingx/integ/+/865278]

    Pass: build-pkgs -c -p isc-dhcp
    Pass: build-pkgs -a
    Pass: build-image
    Pass: Debian AIO jenkins installation

    Issue is very difficult to reproduce, so we are simply focused on
    making sure that this doesn't break anything.

    Closes-Bug: 2043434

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: Ie9148ea007526160b34c57df5f98d776c04dbe3a