From: owner@bugs.debian.org 
  
 This is a multi-part message in MIME format... 
  
 Your message dated Thu, 28 Aug 2025 21:52:08 +0200 
 with message-id  
 and subject line Re: Bug#1112247: isc-kea: CVE-2025-40779 
 has caused the Debian Bug report #1112247, 
 regarding isc-kea: CVE-2025-40779 
 to be marked as done. 
  
 This means that you claim that the problem has been dealt with. 
 If this is not the case it is now your responsibility to reopen the 
 Bug report if necessary, and/or fix the problem forthwith. 
  
 (NB: If you are a system administrator and have no idea what this 
 message is talking about, this may indicate a serious mail system 
 misconfiguration somewhere. Please contact owner@bugs.debian.org 
 immediately.) 
  
  
 -- 
 1112247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112247 
 Debian Bug Tracking System 
 Contact owner@bugs.debian.org with problems 
  
 Received: (at submit) by bugs.debian.org; 27 Aug 2025 20:22:28 +0000 
 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 
  (2024-03-25) on buxtehude.debian.org 
 X-Spam-Level: 
 X-Spam-Status: No, score=-9.6 required=4.0 tests=BAYES_00,FROMDEVELOPER, 
  KHOP_HELO_FCRDNS,MD5_SHA1_SUM,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE, 
  XMAILER_REPORTBUG autolearn=ham autolearn_force=no 
  version=4.0.1-bugs.debian.org_2005_01_02 
 X-Spam-Bayes: score:0.0000 Tokens: new, 13; hammy, 144; neutral, 29; spammy, 
  2. spammytokens:0.943-+--H*r:bugs.debian.org, 0.929-+--selection 
  hammytokens:0.000-+--H*F:U*carnil, 0.000-+--XDebbugsCc, 
  0.000-+--X-Debbugs-Cc, 0.000-+--Hx-authordomain:debian.org, 
  0.000-+--Hx-senderdomain:debian.org 
 Return-path:  
 Received: from c-82-192-244-13.customer.ggaweb.ch ([82.192.244.13]:37054 
 helo=eldamar.lan) 
  by buxtehude.debian.org with esmtp (Exim 4.96) 
  (envelope-from ) 
  id 1urMf5-008BQR-0o 
  for submit@bugs.debian.org; 
  Wed, 27 Aug 2025 20:22:28 +0000 
 Content-Type: text/plain; charset="us-ascii" 
 MIME-Version: 1.0 
 Content-Transfer-Encoding: 7bit 
 From: Salvatore Bonaccorso  
 To: Debian Bug Tracking System  
 Subject: isc-kea: CVE-2025-40779 
 Message-ID: <175632614275.243818.15413357477461321996.reportbug@eldamar.lan> 
 X-Mailer: reportbug 13.2.0 
 Date: Wed, 27 Aug 2025 22:22:22 +0200 
 Delivered-To: submit@bugs.debian.org 
  
 Source: isc-kea 
 Version: 2.6.3-2 
 Severity: grave 
 Tags: security upstream 
 Justification: user security hole 
 X-Debbugs-Cc: carnil@debian.org, Debian Security Team  
  
 Hi, 
  
 The following vulnerability was published for isc-kea. 
  
 CVE-2025-40779[0]: 
 | Kea crash upon interaction between specific client options and 
 | subnet selection 
  
  
 If you fix the vulnerability please also make sure to include the 
 CVE (Common Vulnerabilities & Exposures) id in your changelog entry. 
  
 For further information see: 
  
 [0] https://security-tracker.debian.org/tracker/CVE-2025-40779 
     https://www.cve.org/CVERecord?id=CVE-2025-40779 
 [1] https://kb.isc.org/docs/cve-2025-40779 
 [2] https://gitlab.isc.org/isc-projects/kea/-/commit/b25d7e8a812 
 3e4099bf6c7f639ed774de2f3d08 
  
 Please adjust the affected versions in the BTS as needed. 
  
 Regards, 
 Salvatore 
  
 Received: (at 1112247-done) by bugs.debian.org; 28 Aug 2025 19:52:11 +0000 
 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 
  (2024-03-25) on buxtehude.debian.org 
 X-Spam-Level: 
 X-Spam-Status: No, score=-114.2 required=4.0 tests=BAYES_00, 
  BODY_INCLUDES_CONTROL,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID, 
  DKIM_VALID_AU,DKIM_VALID_EF,FROMDEVELOPER,HAS_BUG_NUMBER,MD5_SHA1_SUM, 
  SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,USER_IN_DKIM_WELCOMELIST 
  autolearn=ham autolearn_force=no 
  version=4.0.1-bugs.debian.org_2005_01_02 
 X-Spam-Bayes: score:0.0000 Tokens: new, 11; hammy, 150; neutral, 67; spammy, 
  0. spammytokens: 
  hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin, 
  0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311, 
  0.000-+--H*RT:311, 0.000-+--H*RT:108 
 Return-path:  
 Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:108]:60006) 
  by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RS 
 _PSS_RSAE_SHA256__AES_256_GCM:256) 
  (Exim 4.96) 
  (envelope-from ) 
  id 1urifL-00CbZT-1g; 
  Thu, 28 Aug 2025 19:52:11 +0000 
 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian. 
 org; 
  s=smtpauto.stravinsky; h=X-Debian-User:In-Reply-To:Content-Type:MIME- 
 Version: 
  References:Message-ID:Subject:Cc:To:From:Date:Reply-To: 
  Content-Transfer-Encoding:Content-ID:Content-Description; 
  bh=meeMvZviBjW5FA+t3LNUP6Ak1E13vTGcIS7q+mGAtBc=; b 
 =o1dwuCQ4DldIZPxVP5wMkXgtZ3 
  sc87yz5x2yBOT1VwTA9HEpzv5CKlXoxi/T+A8egGNSEBNWHATT 
 2JKGAd5giLAf8kdc7CsoZ1jeiEU 
  UmkFORAHE9UWGsTVJzCIl0usBJfQEDfgMgrT5mrSbUQW9AoCgc 
 yUgowA+0LcgsR1RpE5SC8nG2yk3 
  SLNA6JwFHwoVfiVL9AKdPYUI5lHgAXFxT278oufqA7AMn4qg/n 
 3ABXKyPVHmuAM41CElpv8xBJ3qN 
  34pk4Y56CEvDQ2TlXny0MQIVMfVPDItBGV+6mEvDhKrvvm5ZQO 
 Ylgxlhjq9lXVLehoMcSMOQuwOzB 
  PBK4+ghw==; 
 Received: from authenticated user 
  by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_X25519__RSA 
 PSS_RSAE_SHA256__AES_256_GCM:256) 
  (Exim 4.94.2) 
  (envelope-from ) 
  id 1urifI-00FTY3-PX; Thu, 28 Aug 2025 19:52:09 +0000 
 Received: by eldamar.lan (Postfix, from userid 1000) 
  id 39B55BE2DE0; Thu, 28 Aug 2025 21:52:08 +0200 (CEST) 
 Date: Thu, 28 Aug 2025 21:52:08 +0200 
 From: Salvatore Bonaccorso  
 To: Paride Legovini  
 Cc: 1112247@bugs.debian.org, 1112247-done@bugs.debian.org, 
  team@security.debian.org 
 Subject: Re: Bug#1112247: isc-kea: CVE-2025-40779 
 Message-ID:  
 References: <175632614275.243818.15413357477461321996.reportbug@eldamar.lan> 
  <2a591ad8-3ed1-46f0-a78f-ca2898d97f22@debian.org> 
  
 [continued in next message] 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)