On Tue, May 15, 2012 at 09:39:06PM +0200, Julien Cristau wrote:
> On Tue, May 15, 2012 at 11:44:17 +0200, Moritz Muehlenhoff wrote:
> 
> > Package: connman
> > Severity: grave
> > Tags: security
> > 
> > 
> > CVE-2012-2320: Connman doesn't check for the origin of netlink messages (from
> > https://bugzilla.novell.com/show_bug.cgi?id=715172#c4)
> > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9
> > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618
> > 
> > CVE-2012-2321: Check hostname validity prior to setting the hostname in
> > loopback plug-in: (from
> > https://bugzilla.novell.com/show_bug.cgi?id=715172#c4)
> > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a
> > http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911
> > 
> > CVE-2012-2322: DHCPv6 option parsing vulnerable to DoS (endless loop): (from
> > https://bugzilla.novell.com/show_bug.cgi?id=715172#c9)
> > http://lists.connman.net/pipermail/connman/2012-May/009473.html
> > 
> > Since this package is effectively unmaintained (no upload later than 2010
> > and waaaay behind upstream I suggest to simply remove it for Wheezy?)
> > 
> $ dak rm -Rn -s testing connman
> [...]
> 
> Checking reverse dependencies...
> # Broken Build-Depends:
> fso-gsmd: connman-dev
> 
> Dependency problem found.
> 
> Sebastian, fso folks, is there a way to remove this build-dependency on
> connman?

Connman support is actually already disabled in fso-gsmd, since
fso-gsmd needs at least connman 0.68 and Debian has only 0.48.
Thus the build dependency can simply be removed.

Can this wait another week? Next week will be a new upstream
release of all fso components, which we plan to upload asap
to be in time for wheezy.

-- Sebastian
