Your message dated Fri, 08 Sep 2017 21:17:39 +0000
with message-id <e1dqqeh-0009e1...@fasolo.debian.org>
and subject line Bug#872844: fixed in connman 1.21-1.2+deb8u1
has caused the Debian Bug report #872844,
regarding connman: [CVE-2017-12865] stack overflow in dns proxy feature
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
872844: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872844
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: connman
X-Debbugs-CC: t...@security.debian.org secure-testing-
t...@lists.alioth.debian.org
Severity: grave
Version: 1.33-3
Tags: security patch
Hi,
the following vulnerability was published for connman.
CVE-2017-12865[0]:
stack overflow in dns proxy feature
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
The commit that fix the vulnerability can be found here: https://
git.kernel.org/pub/scm/network/connman/connman.git/commit/?
id=5c281d182ecdd0a424b64f7698f32467f8f67b71
The vulnerability was fixed in 1.35, therefore sid and buster are not
affected.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12865
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: connman
Source-Version: 1.21-1.2+deb8u1
We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 872...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <luci...@debian.org> (supplier of updated connman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 23 Aug 2017 10:29:30 -0400
Source: connman
Binary: connman connman-vpn connman-dev connman-doc
Architecture: source amd64 all
Version: 1.21-1.2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Alexander Sack <a...@debian.org>
Changed-By: Luciano Bello <luci...@debian.org>
Description:
connman - Intel Connection Manager daemon
connman-dev - Development files for connman
connman-doc - ConnMan documentation
connman-vpn - Intel Connection Manager daemon - VPN daemon
Closes: 872844
Changes:
connman (1.21-1.2+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-12865: Fix crash on malformed DNS response (Closes: #872844)
Checksums-Sha1:
e4ea70680b9b2dcdf3944657e41576f19cb66e72 2306 connman_1.21-1.2+deb8u1.dsc
d86def5830061b437cb3129563abb374a4595200 574726 connman_1.21.orig.tar.gz
4ab1a10bd4b782f19368ce88e116afcf43e5ae98 11276
connman_1.21-1.2+deb8u1.debian.tar.xz
16f82dc2a0fd7c40d5cb8ef4523e8046867b8cfa 330872
connman_1.21-1.2+deb8u1_amd64.deb
3ef87bdd38f4dfbc8160c48f8d047a14641b8f05 106328
connman-vpn_1.21-1.2+deb8u1_amd64.deb
826362fd4356cb3ceda1e0b1e07b567d4c5c67ec 23618
connman-dev_1.21-1.2+deb8u1_amd64.deb
b2f3fcdd4b0dad05fda92dca9ef320c52868b2f2 57636
connman-doc_1.21-1.2+deb8u1_all.deb
Checksums-Sha256:
a940bb31a0f60eaef94ca70d70e35fbe7619603e73b879c06a96e18f3accf037 2306
connman_1.21-1.2+deb8u1.dsc
bfb4f2af3c57f5c64a27af2cde5d2a166668149ab139b8ba41cdbeffd7a6a6f4 574726
connman_1.21.orig.tar.gz
ad78607af60ce03a203bbb929e0b671e0ca5eb3332c8639001f78a0ffff3c238 11276
connman_1.21-1.2+deb8u1.debian.tar.xz
83b1f3cea4f95c43be98cae17540bf407cf78e8b0571b657bd04cf6092dc3960 330872
connman_1.21-1.2+deb8u1_amd64.deb
12f4fcf2c44897711ffe52fed74665c968461c27183094b5abe685648c54f0fb 106328
connman-vpn_1.21-1.2+deb8u1_amd64.deb
c033866a9a894373008a3030bda5e0941be78f9de6b1ca4e0c88afa7bac92f77 23618
connman-dev_1.21-1.2+deb8u1_amd64.deb
6e606f269304c5459301964efdeefb0a57023aafad4f4ac7e1621722abdc7ed4 57636
connman-doc_1.21-1.2+deb8u1_all.deb
Files:
8d6af1eef316fd2ef2fa71c7c5ef715a 2306 net optional connman_1.21-1.2+deb8u1.dsc
14cc40636eb24d22c9c78065059ba69e 574726 net optional connman_1.21.orig.tar.gz
7f5dd0e026cd422921a80afca2b21461 11276 net optional
connman_1.21-1.2+deb8u1.debian.tar.xz
ab1474f121b70c2637f1b5e3afd4f396 330872 net optional
connman_1.21-1.2+deb8u1_amd64.deb
eb32ab75af5b1479826da759febbab03 106328 net optional
connman-vpn_1.21-1.2+deb8u1_amd64.deb
7da1851c1e2b4875c82a8277a5192e68 23618 devel optional
connman-dev_1.21-1.2+deb8u1_amd64.deb
075654a830232be5d8a2f36b07b2f0d6 57636 doc optional
connman-doc_1.21-1.2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlmjO9cACgkQbsLe9o/+
N3Qdpg//Zn6NDyVZrg03jqgCC3PbAsxWT0Sve2g842/6572NOaM8iCG7g/nWJz4W
bLf8V2NW9qAj4IhJyaw7qVrJwd3Rahq/xw/8uVILf9MtBbTFFxOnXy5VJ57Ooa9m
3usTbO6eDOR9nIynMyCqLEQ5Yj5xSSBKsu3fU1+PlH/icIO55dW5fViop5PvkUtB
tp1+J9Z3l9WljOnZPPNHi6pxDNhUg81wbm2FX4MvbCDZVlnoPFa2VMNEPog81pHQ
9wZyzeDY6jNtd3hxuvUNPFhW2iMvB4Q52pW7Jav5qt8H6vV0c8TTmKscozRvfSK8
wBLwxC5tGFoWghJf0MQxbvOMh7BIIt9VTPVH4bJ7cIg74r2XjEzfxR0sKA60jqcu
aq4bsQo1KmYQ/k+HuySVX5JjDDIP9hHQXSvToX4OokD0OOfUIc6zJB0LKiz58s4g
KwOC+9J5XduTr5AOJsz3zt1A3jnTPS4XHmziUKyX3thPjfB4S7buN3BHyi2wZsLn
TMFIyijahCv9l+5/676BI11pTpn1G9QAGZcC4/Kzb8Jz+THkpVohFaxAx9MFO3nf
T/5kC/UXMuy/7ojuZ1Y0QFdHjBvVJ7g640CGXCKur1AYp7vx3aBe+PxDFLIq17KH
a0/iCoZrpRCUNxKxrgU0VSQdkavZ87tk5muSxBm62JEC7jfHgyc=
=hfj1
-----END PGP SIGNATURE-----
--- End Message ---
