Package: wicd-daemon Version: 1.7.4+tb2-6 Severity: serious Tags: security Due to bug 852343, wicd-daemon now depends on
dhcpcd5 | isc-dhcp-client | pump | udhcpc but dhcpcd5 has been vulnerable since at least 2014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846938 (dhcpcd5: CVE-2014-7913). And as a consequence, wicd has now been removed from testing: https://tracker.debian.org/news/965137/wicd-removed-from-testing/ ------------------------------------------------------------------ FYI: The status of the wicd source package in Debian's testing distribution has changed. Previous version: 1.7.4+tb2-6 Current version: (not in testing) Hint: <https://release.debian.org/britney/hints/auto-removals> Bug #846938: dhcpcd5: CVE-2014-7913 # in dhcpcd5 ------------------------------------------------------------------ The unnecessary dependency on dhcpcd5 should be removed. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages wicd-daemon depends on: ii adduser 3.117 ii dbus 1.12.8-3 ii debconf 1.5.67 ii iputils-ping 3:20161105-1 ii isc-dhcp-client 4.3.5-4 ii lsb-base 9.20170808 ii psmisc 23.1-1+b1 ii python 2.7.15-3 ii python-dbus 1.2.8-2 ii python-gobject-2 2.28.6-13+b1 ii python-wicd 1.7.4+tb2-6+local1 ii wireless-tools 30~pre9-12+b1 ii wpasupplicant 2:2.6-17 Versions of packages wicd-daemon recommends: ii rfkill 2.32-0.1 ii wicd-curses [wicd-client] 1.7.4+tb2-6+local1 ii wicd-gtk [wicd-client] 1.7.4+tb2-6+local1 Versions of packages wicd-daemon suggests: pn pm-utils <none> Versions of packages wicd depends on: ii wicd-curses [wicd-client] 1.7.4+tb2-6+local1 ii wicd-gtk [wicd-client] 1.7.4+tb2-6+local1 Versions of packages wicd-gtk depends on: ii python 2.7.15-3 ii python-glade2 2.24.0-5.1+b1 ii python-gtk2 2.24.0-5.1+b1 Versions of packages wicd-gtk recommends: ii menu 2.1.47+b1 ii policykit-1 0.105-20 ii python-notify 0.1.1-4 Versions of packages wicd-curses depends on: ii python 2.7.15-3 ii python-urwid 2.0.1-2 Versions of packages wicd-curses recommends: ii sudo 1.8.23-1 Versions of packages python-wicd depends on: ii net-tools 1.60+git20161116.90da8a0-2 ii python 2.7.15-3 Versions of packages python-wicd suggests: ii ethtool 1:4.16-1 ii iproute2 4.16.0-4 -- Configuration Files: /etc/wicd/encryption/templates/active changed [not included] -- debconf information excluded
