Source: network-manager
Version: 1.48.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for network-manager.

CVE-2024-6501[0]:
| A flaw was found in NetworkManager. When a system running
| NetworkManager with DEBUG logs enabled and an interface eth1
| configured with LLDP enabled, a malicious user could inject a
| malformed LLDP packet. NetworkManager would crash, leading to a
| denial of service.

Not particularly high severity as only affecting NetworkManager under DEBUG logs and with LLDP enabled. But apart from the RedHat reference I have not found if it was reported upstream, so you might double check if that is known upstream (I guess so).

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6501
    https://www.cve.org/CVERecord?id=CVE-2024-6501
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2295734

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore