Your message dated Sat, 26 Feb 2022 10:34:08 +0000
with message-id <e1nnuou-00082b...@fasolo.debian.org>
and subject line Bug#1004935: fixed in connman 1.36-2.4
has caused the Debian Bug report #1004935,
regarding connman: CVE-2022-23096 CVE-2022-23097 CVE-2022-23098
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1004935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004935
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: connman
Version: 1.36-2.3
Severity: grave
Tags: security upstream
Forwarded: https://lore.kernel.org/connman/20220125090026.5108-1-w...@monom.org/
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.36-2.2
Control: found -1 1.36-2.1~deb10u1
Control: found -1 1.36-2.1~deb10u2
Hi,
The following vulnerabilities were published for connman.
CVE-2022-23096[0]:
| An issue was discovered in the DNS proxy in Connman through 1.40. The
| TCP server reply implementation lacks a check for the presence of
| sufficient Header Data, leading to an out-of-bounds read.
CVE-2022-23097[1]:
| An issue was discovered in the DNS proxy in Connman through 1.40.
| forward_dns_reply mishandles a strnlen call, leading to an out-of-
| bounds read.
CVE-2022-23098[2]:
| An issue was discovered in the DNS proxy in Connman through 1.40. The
| TCP server reply implementation has an infinite loop if no data is
| received.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-23096
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23096
[1] https://security-tracker.debian.org/tracker/CVE-2022-23097
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23097
[2] https://security-tracker.debian.org/tracker/CVE-2022-23098
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23098
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: connman
Source-Version: 1.36-2.4
Done: Ross Vandegrift <rvandegr...@debian.org>
We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1004...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ross Vandegrift <rvandegr...@debian.org> (supplier of updated connman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 25 Feb 2022 21:06:06 -0800
Source: connman
Architecture: source
Version: 1.36-2.4
Distribution: unstable
Urgency: medium
Maintainer: Alexander Sack <a...@debian.org>
Changed-By: Ross Vandegrift <rvandegr...@debian.org>
Closes: 1004935
Changes:
 connman (1.36-2.4) unstable; urgency=medium
 .
   * d/patches: (Closes: #1004935)
     + 0008-dnsproxy-Validate-input-data-before-using-them.patch: fixes
       CVE-2022-23096, CVE-2022-23097
     + 0009-dnsproxy-Avoid-100-busy-loop-in-TCP-server-case.patch: fixes
       CVE-2022-23098
   * Bump debhelper version from deprecated 11 to 12
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
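The two TCP server reply issues described in the report (missing check for sufficient header data, and looping when no data is received) come down to how a DNS-over-TCP reply is reassembled. The following is an added illustration, not connman's code and not the content of the Debian patches; `reply_feed`, `struct reply_buf` and the status names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define TCP_PREFIX  2                 /* DNS-over-TCP big-endian length prefix */
#define DNS_HDR_LEN 12                /* fixed DNS header size (RFC 1035) */
#define MAX_REPLY   (TCP_PREFIX + 65535)

enum reply_status { REPLY_COMPLETE, REPLY_NEED_MORE, REPLY_MALFORMED, REPLY_CLOSED };

/* Hypothetical reassembly state for one upstream TCP connection. */
struct reply_buf {
    unsigned char data[MAX_REPLY];
    size_t have;                      /* bytes accumulated so far */
};

/* Feed the result of one read()/recv(): n is its return value, chunk the
 * bytes it delivered. No header field is read before it is fully present. */
enum reply_status reply_feed(struct reply_buf *rb, const unsigned char *chunk, ssize_t n)
{
    size_t msg_len;
    /* 0 means the peer closed, <0 an error: the caller must drop the socket
     * watch instead of polling again (EAGAIN handling omitted for brevity). */
    if (n <= 0)
        return REPLY_CLOSED;
    if ((size_t)n > sizeof(rb->data) - rb->have)
        return REPLY_MALFORMED;       /* more bytes than any valid reply */
    memcpy(rb->data + rb->have, chunk, (size_t)n);
    rb->have += (size_t)n;

    if (rb->have < TCP_PREFIX)
        return REPLY_NEED_MORE;       /* length prefix itself incomplete */
    msg_len = ((size_t)rb->data[0] << 8) | rb->data[1];
    if (msg_len < DNS_HDR_LEN)
        return REPLY_MALFORMED;       /* too short to hold a DNS header */
    if (rb->have < TCP_PREFIX + msg_len)
        return REPLY_NEED_MORE;       /* message not fully received yet */
    return REPLY_COMPLETE;            /* msg_len bytes at data + 2 are safe to parse */
}

int main(void)
{
    static struct reply_buf rb;       /* zero-initialised */
    const unsigned char truncated[] = { 0x00, 0x04, 1, 2, 3, 4 }; /* constructed */
    printf("short reply -> %d\n", reply_feed(&rb, truncated, sizeof truncated));
    printf("empty read  -> %d\n", reply_feed(&rb, NULL, 0));
    return 0;
}
```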