Fabre

#1140911 bookworm-pu: package dhcpcd5/9.4.1-24~deb12u5 #1140911

Package:: release.debian.org

Source:: release.debian.org

Submitter:: Martin-Éric Racine

Date:: 2026-06-28 11:51:02 UTC

Severity:: normal

Tags:

#1140911#5

Date:: 2026-06-28 10:12:25 UTC

From:

To:

[ Reason ]
Backporting fixes for 2 minor CVEs reported by DSA yesterday.

CVE-2025-70102 was fixed in 10.3.1 (Sid has 10.3.2) but never backported until now.
Meanwhile, the fix for CVE-2026-56114 has long been sitting in upstream Git.

Both patches have been applied to Sid/Forky pending a new upstream release.
Also both patches have been applied to Trixie (see similar trixie-pu bug).

[ Impact ]
Minor.

[ Tests ]
Verified to boot on a host running Bookworm.

[ Risks ]
Minor. Both patches are one-line fixes.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
dhcpcd5 (9.4.1-24~deb12u5) bookworm; urgency=medium
.
  * [control]
    = Migrate Build-Depends from pkg-config to pkgconf.
  * [salsa-ci.yml]
    + Implement basic CI support using the stock Debian pipeline include.
  * [patches] (Closes: #1140767)
    + Cherry-pick upstream fix for CVE-2025-70102 (commit 117742d).
    + Cherry-pick upstream fix for CVE-2026-56114 (commit 2f00c7b).
    = Refresh all patches.

#1140911 bookworm-pu: package dhcpcd5/9.4.1-24~deb12u5 #1140911

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)