git: 687785a86a75 - main - security/vuxml: Document isc-dhcp44-* vulnerability
Ryan Steinmetz
zi at FreeBSD.org
Wed Jun 2 13:48:31 UTC 2021
The branch main has been updated by zi:
URL: https://cgit.FreeBSD.org/ports/commit/?id=687785a86a755feb934a5e7eb1d902c4431ce0ad
commit 687785a86a755feb934a5e7eb1d902c4431ce0ad
Author: Ryan Steinmetz <zi at FreeBSD.org>
AuthorDate: 2021-06-02 13:46:30 +0000
Commit: Ryan Steinmetz <zi at FreeBSD.org>
CommitDate: 2021-06-02 13:48:26 +0000
security/vuxml: Document isc-dhcp44-* vulnerability
PR: 256377
---
security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 9f5b59c17c1b..c3c369a55749 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -76,6 +76,42 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e24fb8f8-c39a-11eb-9370-b42e99a1b9c3">
+ <topic>isc-dhcp -- remotely exploitable vulnerability</topic>
+ <affects>
+ <package>
+ <name>isc-dhcp44-relay</name>
+ <range><lt>4.4.2-P1</lt></range>
+ </package>
+ <package>
+ <name>isc-dhcp44-server</name>
+ <range><lt>4.4.2-P1</lt></range>
+ </package>
+ <package>
+ <name>isc-dhcp44-client</name>
+ <range><lt>4.4.2-P1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Michael McNally reports:</p>
+ <blockquote cite="https://seclists.org/oss-sec/2021/q2/170">
+ <p>Program code used by the ISC DHCP package to read and parse stored leases</p>
+ <p>has a defect that can be exploited by an attacker to cause one of several
+ undesirable outcomes</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2021-25217</cvename>
+ <url>https://kb.isc.org/docs/cve-2021-25217</url>
+ </references>
+ <dates>
+ <discovery>2021-05-26</discovery>
+ <entry>2021-06-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5f52d646-c31f-11eb-8dcf-001b217b3468">
<topic>Gitlab -- Multiple Vulnerabilities</topic>
<affects>
More information about the dev-commits-ports-all
mailing list