Your message dated Fri, 11 Jun 2021 19:19:01 +0000 with message-id <e1lrmgh-000dvw...@fasolo.debian.org> and subject line Bug#989662: fixed in connman 1.36-2.2 has caused the Debian Bug report #989662, regarding connman: CVE-2021-33833: dnsproxy: Check the length of buffers before memcpy to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 989662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989662 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: connman Version: 1.36-2.1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.36-2.1~deb10u1 Hi, The following vulnerability was published for connman. Choosing RC severity to make sure the fix land in bullseye. CVE-2021-33833[0]: | dnsproxy: Check the length of buffers before memcpy If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-33833 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33833 [1] https://www.openwall.com/lists/oss-security/2021/06/09/1 [2] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: connman Source-Version: 1.36-2.2 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of connman, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 989...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated connman package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 09 Jun 2021 20:48:07 +0200 Source: connman Architecture: source Version: 1.36-2.2 Distribution: unstable Urgency: high Maintainer: Alexander Sack <a...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 989662 Changes: connman (1.36-2.2) unstable; urgency=high . * Non-maintainer upload. * dnsproxy: Check the length of buffers before memcpy (CVE-2021-33833) (Closes: #989662) Checksums-Sha1: 3a6aa3340048c9f388670750aca8b18eb6fd8dfe 2345 connman_1.36-2.2.dsc ef48251415c61896e4524b64955d651882da16a7 16528 connman_1.36-2.2.debian.tar.xz 42a7c985642bca731c8eccdffc669a86bcc606a5 6548 connman_1.36-2.2_source.buildinfo Checksums-Sha256: 0183a80247e4248094dc85f5431ae822c116b79c2ea17a7e6afaee01794db4cf 2345 connman_1.36-2.2.dsc e75ae7b9a8f75d582ce977929ecdc73390d8269ba3569e3e7202ffeffa03a187 16528 connman_1.36-2.2.debian.tar.xz d57b3d98c0ccdcc52200038123586e61fcb8b16389df4184a58f2a21f3074987 6548 connman_1.36-2.2_source.buildinfo Files: 6de7f5357bc9931c0be29154d09a6b94 2345 net optional connman_1.36-2.2.dsc 9ad190ecd1971ddc991328c0ed2bcbc0 16528 net optional connman_1.36-2.2.debian.tar.xz 54f2878dfa0b483fe1f23541e06a76fc 6548 net optional connman_1.36-2.2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmDBDT5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EVpQQAIvnEC7hx1v5Ub5a8sYVQuSUCWYmzHyk 1unA2EMaKEBd9R7cchtvEnPlOd5fAnnNZo3BX3Nuon9YP0p097G1zTACoVniBz5h yC78mnpfUsCNrtg3S1WxapI4pNKrCYPSwWbkuy+YqiJ2G/Y5d67yUzj3j1vm39B2 xmIVZ84HYHPEtRKLLcsYzH6NnyMkq4vJgHDDldAVE4zMy6KNbHRuTq1XMzYr1M71 VUg4+BMKRpR30EbnGcjBTotvVc84hAtsy/b08zMX0bJG2CJ96A5IUsUZ4NPgtGFd zWV9ZGJ7whvYCY87i/31e48x8NW4y1huk9NAPBq0L2Y0zTLXzg1BdPxJYOne52OK 3fl6rUFzqo1R717fEP2Aaxs1T4uiKFf26Pn2ChxDcGB3X9mjR/hR1YPZ0LW3LoUH zOtAAzriwVDL9PIMy6gVfeA7Pq+oDKL+w5OOtVv8jvmCB5u//+2Encd7fML2d0J+ zoLGedBZquyOdot6cjRiiU6K2ptlf1D0Q88atnJiG/ZLumnyaTdp8XebytqKHjna 6Cc5GRg+K3TW0HVB5KR/sADbDQApzuLlcfjB4k7J+yHIWlea0m5Y1TdhLESp8JqB KLOqSykqLBaehS/BQp9huzzqDxuvOvlbYgQnEOMA3P1ANJn8JRvFAg6V5jVwVt/5 Y+7XRd6AZ040 =TWXV -----END PGP SIGNATURE-----
--- End Message ---
