Your message dated Fri, 19 Aug 2022 09:48:57 +0000
with message-id <e1ooycb-000a8a...@fasolo.debian.org>
and subject line Bug#1016976: fixed in connman 1.41-2
has caused the Debian Bug report #1016976,
regarding connman: CVE-2022-32292 CVE-2022-32293
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1016976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016976
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: connman
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for connman.

CVE-2022-32292[0]:
| In ConnMan through 1.41, remote attackers able to send HTTP requests
| to the gweb component are able to exploit a heap-based buffer overflow
| in received_data to execute code.

https://lore.kernel.org/connman/20220801080043.4861-5-w...@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200189

CVE-2022-32293[1]:
| In ConnMan through 1.41, a man-in-the-middle attack against a WISPR
| HTTP query could be used to trigger a use-after-free in WISPR
| handling, leading to crashes or code execution.

https://lore.kernel.org/connman/20220801080043.4861-1-w...@monom.org/
https://lore.kernel.org/connman/20220801080043.4861-3-w...@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200190

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-32292
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32292
[1] https://security-tracker.debian.org/tracker/CVE-2022-32293
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32293

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: connman
Source-Version: 1.41-2
Done: Vignesh Raman <vignesh.ra...@collabora.com>

We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vignesh Raman <vignesh.ra...@collabora.com> (supplier of updated connman
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 Aug 2022 10:50:06 +0530
Source: connman
Architecture: source
Version: 1.41-2
Distribution: unstable
Urgency: medium
Maintainer: Vignesh Raman <vignesh.ra...@collabora.com>
Changed-By: Vignesh Raman <vignesh.ra...@collabora.com>
Closes: 992584 1016976
Changes:
 connman (1.41-2) unstable; urgency=medium
 .
   * d/patches: (Closes: #1016976)
     + wispr-Add-reference-counter-to-portal-context.patch: fixes
       CVE-2022-32293
     + wispr-Update-portal-context-references.patch: fixes
       CVE-2022-32293
     + gweb-Fix-OOB-write-in-received_data.patch: fixes
       CVE-2022-32292
   * debian/control: new upstream url
     https://git.kernel.org/pub/scm/network/connman/connman.git (Closes:
     #992584)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---