[pkg-fso-maint] Bug#672989: Multiple security issues
Julien Cristau
jcristau at debian.org
Tue May 15 19:39:06 UTC 2012
On Tue, May 15, 2012 at 11:44:17 +0200, Moritz Muehlenhoff wrote:
> Package: connman
> Severity: grave
> Tags: security
>
>
> CVE-2012-2320: Conman doesn't check for the origin of netlink messages (from
> https://bugzilla.novell.com/show_bug.cgi?id=715172#c4)
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618
>
> CVE-2012-2321: Check hostname validity prior setting the hostname in loopback plug-in: (from
> https://bugzilla.novell.com/show_bug.cgi?id=715172#c4)
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a
> http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911
>
> CVE-2012-2322: DHCPv6 option parsing vulnerable to DoS (endless loop): (from
> https://bugzilla.novell.com/show_bug.cgi?id=715172#c9)
> http://lists.connman.net/pipermail/connman/2012-May/009473.html
>
> Since this package is effectively unmaintained (no upload later than 2010 and waaaay behind
> upstream I suggest to simply remove it for Wheezy?)
>
$ dak rm -Rn -s testing connman
[...]
Checking reverse dependencies...
# Broken Build-Depends:
fso-gsmd: connman-dev
Dependency problem found.
Sebastian, fso folks, is there a way to remove this build-dependency on
connman?
Cheers,
Julien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-fso-maint/attachments/20120515/9a93d401/attachment.pgp>
More information about the pkg-fso-maint
mailing list