The dhcp-3.0-6 packages currently in rawhide are apparently affected by the "Format String Vulnerability" described here: http://www.cert.org/advisories/CA-2002-12.html Please roll dhcp-3.0pl1 packages as soon as possible...
You're incorrectly expecting support for rawhide packages. (No releases have dhcp 3.x included, so there's no need for an erratum.) The package will get updated eventually, but it's not a priority...
First you declined to fix the known-broken dhcp-2.0 package (see #36620) because the dhcp-3.0 package in rawhide fixes the problem, and now you're saying you won't support dhcp-3.0 because it's in rawhide? It seems that you're saying "We won't put effort into fixing dhcp-2.0 bugs because there's a dhcp-3.0 package available", and at the same time, "We won't put effort into fixing dhcp-3.0 bugs because there's a dhcp-2.0 package available." An obvious catch-22. IMO, one or the other needs to be fixed. Both available dhcp packages shouldn't be left broken and unsupported like this.
Like I said, the dhcp in rawhide will get fixed eventually, but rawhide isn't something that is supported in any fashion, just a holding pen for development work. The 36620 issue _is_ solved in rawhide (meaning that the 36620 fix will be in a future release when people can be expected to actually use it), but that package-with-security-hole the best I can do given my priorities and the low priority of rawhide.
Okay, fair enough. I guess I'll hack up my own package for 3.0pl1 in the meantime...
3.0pl1 packages are being worked on now, should be a week hopefully.
pl1 in rawhide
Time tracking values updated