diff -Nru isc-dhcp-4.3.5/debian/changelog isc-dhcp-4.3.5/debian/changelog
--- isc-dhcp-4.3.5/debian/changelog	2021-03-10 14:27:51.000000000 +0000
+++ isc-dhcp-4.3.5/debian/changelog	2021-05-25 10:50:53.000000000 +0000
@@ -1,3 +1,11 @@
+isc-dhcp (4.3.5-3ubuntu7.3) bionic-security; urgency=medium
+
+  * SECURITY UPDATE: DoS via incorrect option information parsing
+    - debian/patches/CVE-2021-25217.patch: fix parsing in common/parse.c.
+    - CVE-2021-25217
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 25 May 2021 06:50:53 -0400
+
 isc-dhcp (4.3.5-3ubuntu7.2) bionic; urgency=medium
 
   * Fix env variable for INTERFACES (LP: #1894172)
diff -Nru isc-dhcp-4.3.5/debian/patches/CVE-2021-25217.patch isc-dhcp-4.3.5/debian/patches/CVE-2021-25217.patch
--- isc-dhcp-4.3.5/debian/patches/CVE-2021-25217.patch	1970-01-01 00:00:00.000000000 +0000
+++ isc-dhcp-4.3.5/debian/patches/CVE-2021-25217.patch	2021-05-25 10:50:50.000000000 +0000
@@ -0,0 +1,22 @@
+Description: fix DoS via incorrect option information parsing
+Origin: provided by ISC
+
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -5529,13 +5529,14 @@ int parse_X (cfile, buf, max)
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
+-			convert_num (cfile, &buf [len], val, 16, 8);
+-			if (len++ > max) {
++			if (len >= max) {
+ 				parse_warn (cfile,
+ 					    "hexadecimal constant too long.");
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
++			convert_num (cfile, &buf [len], val, 16, 8);
++			len++;
+ 			token = peek_token (&val, (unsigned *)0, cfile);
+ 			if (token == COLON)
+ 				token = next_token (&val,
diff -Nru isc-dhcp-4.3.5/debian/patches/series isc-dhcp-4.3.5/debian/patches/series
--- isc-dhcp-4.3.5/debian/patches/series	2021-03-10 14:27:51.000000000 +0000
+++ isc-dhcp-4.3.5/debian/patches/series	2021-05-25 10:50:46.000000000 +0000
@@ -35,3 +35,4 @@
 ubuntu-dhcpd-conf.patch
 CVE-2018-573x.patch
 CVE-2019-6470.patch
+CVE-2021-25217.patch