Package: connman Severity: grave Tags: security
CVE-2012-2320: Conman doesn't check for the origin of netlink messages (from https://bugzilla.novell.com/show_bug.cgi?id=715172#c4) http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9 http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618 CVE-2012-2321: Check hostname validity prior setting the hostname in loopback plug-in: (from https://bugzilla.novell.com/show_bug.cgi?id=715172#c4) http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911 CVE-2012-2322: DHCPv6 option parsing vulnerable to DoS (endless loop): (from https://bugzilla.novell.com/show_bug.cgi?id=715172#c9) http://lists.connman.net/pipermail/connman/2012-May/009473.html Since this package is effectively unmaintained (no upload later than 2010 and waaaay behind upstream I suggest to simply remove it for Wheezy?) Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
