Source: connman Version: 1.43-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for connman. CVE-2025-32366[0]: | In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length | that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) | and memcpy(response+offset,*end,*rdlen). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-32366 https://www.cve.org/CVERecord?id=CVE-2025-32366 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
