Your message dated Tue, 13 May 2025 07:34:03 +0000
with message-id <[email protected]>
and subject line Bug#1102193: fixed in connman 1.44-3
has caused the Debian Bug report #1102193,
regarding connman: CVE-2025-32366
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1102193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102193
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: connman
Version: 1.43-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for connman.
CVE-2025-32366[0]:
| In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
| that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen)
| and memcpy(response+offset,*end,*rdlen).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-32366
https://www.cve.org/CVERecord?id=CVE-2025-32366
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: connman
Source-Version: 1.44-3
Done: Dylan Aïssi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dylan Aïssi <[email protected]> (supplier of updated connman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 13 May 2025 09:06:57 +0200
Source: connman
Architecture: source
Version: 1.44-3
Distribution: unstable
Urgency: medium
Maintainer: Dylan Aïssi <[email protected]>
Changed-By: Dylan Aïssi <[email protected]>
Closes: 1102193
Changes:
connman (1.44-3) unstable; urgency=medium
.
* Cherry-pick upstream patch fixing CVE-2025-32366 (Closes: #1102193)
* Set myself as Maintainer.
* Improve DEP3 headers of other patches.
Checksums-Sha1:
0c19725633682d604604fd1b10adaaf2530fb5e8 2436 connman_1.44-3.dsc
30b993264aa78024d528c7b2bca1db455855c8e9 17224 connman_1.44-3.debian.tar.xz
5f6853c572c02a31aefd15c3b84fc6c948d12760 12012 connman_1.44-3_amd64.buildinfo
Checksums-Sha256:
cff83def2c5f8076c00de2334f1cf3f5e5697281139409d1344778abcb52c8e6 2436
connman_1.44-3.dsc
e1304d92bc46d4f53b08b13d970822fb9bd1eb0338edabc7d3fe42647f99ab32 17224
connman_1.44-3.debian.tar.xz
f05ca78cffc1559059e160fe95c9ac2ca25afa8bd1a892b66ca7240442eedfd6 12012
connman_1.44-3_amd64.buildinfo
Files:
760fddae07e7b2a791638f1820346a1b 2436 net optional connman_1.44-3.dsc
61b21093dabbbe57acc91ccab8837930 17224 net optional
connman_1.44-3.debian.tar.xz
f4ab13379e8e86d876baaaff8c275efc 12012 net optional
connman_1.44-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAmgi8s4ACgkQYS7xYT4F
D1RJsRAAgLHUqOo0h4NfCiGMDlAgIhMb+ss457MhINmRZG0pb2WAmu9TvD4opSMH
n3TzqkDsQBODqzZc/xH+m5hrsZJ9c//RuPtXF93jKqYRIG9ZiMGbsNspAnzVRGMq
Rg0EI52YC9GBvuyxNx9wV6tKs0MV62nWM0c2CSrQL8MtFDM7XdXG25XqV21tskSZ
lZqLbbqKvzSc2470FgWps5lPaBhzomfpfYH4pml8wwXSesH/888IdPcjy3OA0oXa
X5U58V34dZuAuXhCDJsP7LqxkZnNQoLgy0X8XJaLSTaraDSTnKI0H4naFUgIxmrm
6sfLeLKuz+pgS6V+ROF3kGaGR5PgPLz5/c1NwRH8lEI4bMPPkvMmcEkrEaPuGvWi
DgxG4N4gb0W636+F+JIL0cI+emR8m/oD3ASz1C2IAIBoCxYsTSsmGPpCRJyC1Ngi
f3/qnt8YB/CTNcMQhp+s+becbSzpSU4cvOBQYfuFQh75RxXTCM8vmj13BNjzjFc7
nXlOQ/kt9Fkau6QmXW0tluuXpLHH13ZOr9XKq14QKukBbT7VM7mUxKW6ZgPi20jK
uwSG7RSApjLLSNRip35k3TmPTAEWDvv2z/l/Q2cYmtfZIcxRMGeUcpbpKtiZ8M1d
i8aOqbPQMT7AxrjD/C5kbz/cENGiHWMj9tRWx32EreKwsyq5Vlk=
=u38M
-----END PGP SIGNATURE-----
pgpVh0lKOqyYV.pgp
Description: PGP signature
--- End Message ---