Your message dated Sat, 12 Jun 2021 18:32:07 +0000
with message-id <[email protected]>
and subject line Bug#989662: fixed in connman 1.36-2.1~deb10u2
has caused the Debian Bug report #989662,
regarding connman: CVE-2021-33833: dnsproxy: Check the length of buffers before
memcpy
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
989662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989662
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: connman
Version: 1.36-2.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.36-2.1~deb10u1
Hi,
The following vulnerability was published for connman. Choosing RC
severity to make sure the fix land in bullseye.
CVE-2021-33833[0]:
| dnsproxy: Check the length of buffers before memcpy
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-33833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33833
[1] https://www.openwall.com/lists/oss-security/2021/06/09/1
[2]
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: connman
Source-Version: 1.36-2.1~deb10u2
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated connman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 12 Jun 2021 14:48:40 +0200
Source: connman
Architecture: source
Version: 1.36-2.1~deb10u2
Distribution: buster
Urgency: medium
Maintainer: Alexander Sack <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 989662
Changes:
connman (1.36-2.1~deb10u2) buster; urgency=medium
.
* Non-maintainer upload.
* dnsproxy: Check the length of buffers before memcpy (CVE-2021-33833)
(Closes: #989662)
Checksums-Sha1:
b2844a596f4dccda66f6a6db58bf950f77eb3613 2377 connman_1.36-2.1~deb10u2.dsc
36e2a194ecfbd0f594d80fb4b821c117a0281b75 16580
connman_1.36-2.1~deb10u2.debian.tar.xz
8f13a911ce1da3ec2c0338afe99a47f45373d14c 6580
connman_1.36-2.1~deb10u2_source.buildinfo
Checksums-Sha256:
9ff816bdb59b9f9e1f797e6d2d629efc47a033cbb977afe51cdeec7193c1f52f 2377
connman_1.36-2.1~deb10u2.dsc
b08414225b29f0e2443456bfc4930d4c5be6ca05b09b3c24eb508c4432c47c0e 16580
connman_1.36-2.1~deb10u2.debian.tar.xz
0b0566671464def6adec993ebb85b4fde57ee069616fb5648ba45a6d8ec6e543 6580
connman_1.36-2.1~deb10u2_source.buildinfo
Files:
ea00cafd4c3c259a43f0e8f32f4a71d8 2377 net optional connman_1.36-2.1~deb10u2.dsc
52cac8b0072cc3e0de06a22db966b427 16580 net optional
connman_1.36-2.1~deb10u2.debian.tar.xz
12506203cf714b372872c724e1be37bc 6580 net optional
connman_1.36-2.1~deb10u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmDErXhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EdyoP/2VON576O912n8aCo7b3jhWZwZFBqxWn
Zg9E/H86ebKogjBv0dMCrJiFTTvMr8nNBLyZYYmvNgNSmYXyQl+CcAwmEt57njo/
Y5mhvBDnsT1Y63cunaa24DH9DvDyldORZRHNdHJvhTbiy5bXFcJ85o/x7vvqPb4j
27ESgtJsFCUZsv+PiMMG1Qi6UNz/5WgeMAYBlAos1XIXa6GL+DfMzp8rBHTjQlIt
vsBHM39NMt4llIazvA5MEiGI4jiRZtKqHTrvgCKlhHq7YixziImYQ+cpTJ+ZYKcB
H08BO9deQGiAf0ff/JLkP5fJXeqxZ9+1KCZb9aAUWmgJNQ3TCHZwit/Um+HVaGb/
DOdMO3X2c+/KQrNLy4yFIpisHzjqIa31qqeNGNLN4cv0cXWJHnkKJoXU0CA3OLWH
DdoWucyHQ4YV+kwzbKf1OAh1l+4kqhWA17rjouBCtGdPucKKKaipTX2skxgqNzs+
0Bno8P1jcWtHl/JpDMzWXJH+g+p8jFq6sdCXt3w2eA+plpJez4JkZRqOpYRRzMbS
ZUYm6JvNndakJEn+xLr44JAR2UeAGhUF1XkPd/amQBQxXFDsKy0vInH/vmhV4Es2
BSEK6JK8lp8BVwkrnwjXUYEloK/lS6JbxouVYEODJMKP2DyFoShnpmyitf0nHeDE
dtHuiYNetTNE
=DnnT
-----END PGP SIGNATURE-----
--- End Message ---
