-
Committer:
Stéphane Graber
-
Author(s):
Michael Gilbert
-
Date:
2012-10-15 19:18:07 UTC
-
Revision ID:
stgraber@ubuntu.com-20121015191807-r9ts53lmh4ktsvid
Tags: 4.2.4-3
* Maintainer security upload.
* Fix cve-2012-2248: as of 4.2.x the build system prefix now gets included
in CLIENT_PATH. This has security implications since the build system's
source path is now included in dhclient's search PATH on users' systems,
so sanitize the prefix to not include build system paths (closes: #690532)
- Patch thanks to Raphael Geissert