On Tue, May 15, 2012 at 11:44:17 +0200, Moritz Muehlenhoff wrote: > Package: connman > Severity: grave > Tags: security > > > CVE-2012-2320: Conman doesn't check for the origin of netlink messages (from > https://bugzilla.novell.com/show_bug.cgi?id=715172#c4) > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9 > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618 > > CVE-2012-2321: Check hostname validity prior setting the hostname in loopback > plug-in: (from > https://bugzilla.novell.com/show_bug.cgi?id=715172#c4) > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911 > > CVE-2012-2322: DHCPv6 option parsing vulnerable to DoS (endless loop): (from > https://bugzilla.novell.com/show_bug.cgi?id=715172#c9) > http://lists.connman.net/pipermail/connman/2012-May/009473.html > > Since this package is effectively unmaintained (no upload later than 2010 and > waaaay behind > upstream I suggest to simply remove it for Wheezy?) > $ dak rm -Rn -s testing connman [...]
Checking reverse dependencies... # Broken Build-Depends: fso-gsmd: connman-dev Dependency problem found. Sebastian, fso folks, is there a way to remove this build-dependency on connman? Cheers, Julien
signature.asc
Description: Digital signature