ppp (2.4.6-3.1ubuntu1) vivid; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
      module if needed.
    - add EAP-TLS/MPPE support patch from Jan Just Keijser.
    - debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
  * debian/patches/ppp-2.4.5-eaptls-mppe-0.994.patch,
    debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: updated the EAP-TLS/MPPE
    support patch to the latest version from its upstream (also refreshed it).
  * debian/ppp.preinst: deal with the change in LSB headers start runlevels
    of pppd-dns due to dropping our changes (which are no longer necessary
    since resolvconf is installed in most systems and has been for a while);
    this should probably be kept until the next LTS.

ppp (2.4.6-3.1) unstable; urgency=high

  * Non-maintainer upload.
  * Urgency high due to fix for DoS vulnerability.
  * Fix buffer overflow in rc_mksid().
    The function converts the PID of pppd to hex to generate a pseudo-unique
    string. If the process id is bigger than 65535 (FFFF), its hex
    representation will be longer than 4 characters, resulting in a buffer
    overflow. This bug can be exploited to cause a remote DoS.
    (Closes: #782450)

 -- Scott Kitterman <email address hidden>  Thu, 16 Apr 2015 09:07:29 -0400
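
The width problem described in the rc_mksid() entry above, as an added example that is not code from ppp or from the Debian patch: a minimum-width hex conversion pads short values but never truncates long ones, so a buffer sized for four PID digits is too small once the PID passes 65535. The function names, the 15-byte buffer and the time/PID/counter layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SID_BUF 15 /* assumed size: 8 + 4 + 2 hex digits + NUL */
#define SID_FMT "%08lX%04X%02X" /* assumed layout: time, PID, counter */

/* Bytes (NUL included) that the unmasked format needs for this PID.
 * snprintf with a zero size only measures; nothing is written. */
size_t sid_bytes_needed(unsigned long t, unsigned int pid, unsigned int cnt)
{
    int n = snprintf(NULL, 0, SID_FMT, t, pid, cnt & 0xFFu);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Hardened form: every field is masked to its column width and the write
 * is bounded. Returns 0 on success, -1 if the result would not fit. */
int mksid_safe(char *out, size_t outlen, unsigned long t,
               unsigned int pid, unsigned int cnt)
{
    int n = snprintf(out, outlen, SID_FMT,
                     t & 0xFFFFFFFFUL, pid & 0xFFFFu, cnt & 0xFFu);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const unsigned long t = 0x552FB1A1UL; /* constructed timestamp */
    const unsigned int pids[] = { 1234, 65535, 65536, 4194304 };
    char sid[SID_BUF];

    for (size_t i = 0; i < sizeof pids / sizeof pids[0]; i++) {
        size_t need = sid_bytes_needed(t, pids[i], 0);
        int rc = mksid_safe(sid, sizeof sid, t, pids[i], 0);
        printf("pid %-8u unmasked needs %2zu bytes (%s), masked: %s\n",
               pids[i], need, need > SID_BUF ? "OVERFLOW" : "fits",
               rc == 0 ? sid : "error");
    }
    return 0;
}
```

Masking the PID keeps the field at four digits, at the cost that PIDs differing only above bit 15 produce the same four digits.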