Your message dated Tue, 06 May 2025 21:34:05 +0000
with message-id <[email protected]>
and subject line Bug#1103530: fixed in connman 1.44-2
has caused the Debian Bug report #1103530,
regarding connman: CVE-2025-32743
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1103530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103530
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: connman
Version: 1.43-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for connman.
CVE-2025-32743[0]:
| In ConnMan through 1.44, the lookup string in ns_resolv in
| dnsproxy.c can be NULL or an empty string when the TC (Truncated)
| bit is set in a DNS response. This allows attackers to cause a
| denial of service (application crash) or possibly execute arbitrary
| code, because those lookup values lead to incorrect length
| calculations and incorrect memcpy operations.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-32743
https://www.cve.org/CVERecord?id=CVE-2025-32743
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: connman
Source-Version: 1.44-2
Done: Dylan Aïssi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dylan Aïssi <[email protected]> (supplier of updated connman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 May 2025 22:47:54 +0200
Source: connman
Architecture: source
Version: 1.44-2
Distribution: unstable
Urgency: medium
Maintainer: Vignesh Raman <[email protected]>
Changed-By: Dylan Aïssi <[email protected]>
Closes: 1103530
Changes:
connman (1.44-2) unstable; urgency=medium
.
* Team upload.
* Cherry-pick upstream patch fixing CVE-2025-32743 (Closes: #1103530)
Checksums-Sha1:
423e3999462eba9ee6d8c5af95a35b70dd5691b9 2402 connman_1.44-2.dsc
d541c04965e97c4b0ee8cd6a7a6e4fb1f73f0cc5 16624 connman_1.44-2.debian.tar.xz
1570293dd67edef279900ffe1eb4c6b117e270b9 12009 connman_1.44-2_amd64.buildinfo
Checksums-Sha256:
5b9c16a73ef0aef8a90bd80646a6fc1bd8aa304e059de0024a79c37fbc516cd4 2402
connman_1.44-2.dsc
4d8715077c65d24467d2cbd871c6daa9019750b5440af89e507ab2eff0d2c150 16624
connman_1.44-2.debian.tar.xz
75f95be7b340f0b6313884210ba4dfc8d914c3d8e62b5b60d7dbb0747d667949 12009
connman_1.44-2_amd64.buildinfo
Files:
167ad8c734d1b33c4bf6025791cae451 2402 net optional connman_1.44-2.dsc
3a7e0e4db198a235abd7ac199d054299 16624 net optional
connman_1.44-2.debian.tar.xz
b80bbbfa736fe77f564947764449a9eb 12009 net optional
connman_1.44-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAmgaetcACgkQYS7xYT4F
D1SeURAArnG5gLvfks+YU7fsCDHpvgEKl/rL8n56MQLzKAX6peHidPLCbawaFpZV
J9/dgXigqUyEbj73Bk315j/Y2BkW/0BslfKJKx9is4kTATj/pR2cukCm1zDVjHFQ
YuacDJfXi/wnL57D0V0TG51FbZXD9bq/4orD9Pco20+vXmWMEbENNVYEJL/P0qss
C+BTV4RwSmcQq/A0JFAIvTnd2Xu4jz/5BnIwdIcB49a3R+NTRsOEq++q4yCwHa4r
HoINHnME3ePBveLlVCn1QqeQ9HfAQspq4Hn+fl9tW9Kvs8gNGdVxx4Ji+/xx651P
N0Bjzan1CqIJkJvOMlm/BMfXOl4VxU4lNlYhrjnaonGknfXYtsaqU+ZImv8D0wo3
17pcMgFjJxm1OIQETr2g7hn/PnJuoShuArOozsSHGEnJuK677kgITirW6zslPBl6
FJjptt+mNHg20V6I/LyO0ODol1bx+niRWx1q8TAajHo9WZkSTuVHWP2kTbcaTq09
xoJqrp4rP83pn1llQVwanpsiQZNlatMzYi0N7XSG9s/4O0WbqqZCSF8nkPnEuQL9
VIug5EPzdMlnxh6IE2WwSj+687Oz2OkpTs4E9WqMPFp4z2PS/Jj5COwLVQU4AUNV
bQge2YPFT64GZNdiDPs7POKpjV4Hz+gklwMuL+qTqXQIADcFzOI=
=3ihH
-----END PGP SIGNATURE-----
pgpgqe9K9Xs8f.pgp
Description: PGP signature
--- End Message ---
