[pkg-fso-maint] Bug#672989: Multiple security issues

Julien Cristau jcristau at debian.org
Tue May 15 19:39:06 UTC 2012


On Tue, May 15, 2012 at 11:44:17 +0200, Moritz Muehlenhoff wrote:

> Package: connman
> Severity: grave
> Tags: security
> 
> 
> CVE-2012-2320:  Conman doesn't check for the origin of netlink messages (from
> https://bugzilla.novell.com/show_bug.cgi?id=715172#c4)
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618
> 
> CVE-2012-2321: Check hostname validity prior setting the hostname in loopback plug-in: (from
> https://bugzilla.novell.com/show_bug.cgi?id=715172#c4)
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911
> 
> CVE-2012-2322: DHCPv6 option parsing vulnerable to DoS (endless loop): (from
> https://bugzilla.novell.com/show_bug.cgi?id=715172#c9)
> http://lists.connman.net/pipermail/connman/2012-May/009473.html
> 
> Since this package is effectively unmaintained (no upload later than 2010 and waaaay behind
> upstream I suggest to simply remove it for Wheezy?)
> 
$ dak rm -Rn -s testing connman
[...]

Checking reverse dependencies...
# Broken Build-Depends:
fso-gsmd: connman-dev

Dependency problem found.

Sebastian, fso folks, is there a way to remove this build-dependency on
connman?

Cheers,
Julien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-fso-maint/attachments/20120515/9a93d401/attachment.pgp>


More information about the pkg-fso-maint mailing list