Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-6459

Source

Debian Bug report logs - #697580
connman: CVE-2012-6459

Package: connman; Maintainer for connman is Alexander Sack <asac@debian.org>; Source for connman is src:connman (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 7 Jan 2013 07:57:02 UTC

Severity: grave

Tags: patch, security

Fixed in versions connman/1.0-1.1, connman/1.0-1.1+wheezy1

Done: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Alexander Sack <asac@debian.org>:
Bug#697580; Package connman. (Mon, 07 Jan 2013 07:57:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Alexander Sack <asac@debian.org>. (Mon, 07 Jan 2013 07:57:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: connman
Severity: grave
Tags: security

Please check, whether the version/configuration in Debian is affected:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6459
https://bugs.tizen.org/jira/browse/TIVI-211
http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=01126286f96856aab6b0de171830f4e8e842e1da

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Sack <asac@debian.org>:
Bug#697580; Package connman. (Wed, 09 Jan 2013 14:39:04 GMT) (full text, mbox, link).

Acknowledgement sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Alexander Sack <asac@debian.org>. (Wed, 09 Jan 2013 14:39:04 GMT) (full text, mbox, link).

Message #10 received at 697580@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Package: connman
Followup-For: Bug #697580

tags 697580 patch
thanks

Hi,

I have created an NMU which includes the upstream patch to fix
the vulnerabilty CVE-2012-6459. I am attaching the debdiff
towards the NMU version as well as the extracted upstream
patch.

I haven't tested the patch yet.

Cheers,

Adrian

[connman-1.0-1.1.patch (text/x-diff, attachment)]

[02-CVE-2012-6459.patch (text/x-diff, attachment)]

Added tag(s) patch. Request was from John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> to control@bugs.debian.org. (Wed, 09 Jan 2013 14:39:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Sack <asac@debian.org>:
Bug#697580; Package connman. (Fri, 11 Jan 2013 10:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Alexander Sack <asac@debian.org>. (Fri, 11 Jan 2013 10:33:04 GMT) (full text, mbox, link).

Message #17 received at 697580@bugs.debian.org (full text, mbox, reply):

Ping,

any news regarding this RC bug? If no one volunteers, I'd be happy to
make an NMU. As for the testing of this bug, I cannot readily verify
the fix since the test utility for Connman - "test-connman" - is not
part of Debian.

However, since the patch was provided by upstream, I assume that the
changes made are correct and working. So we should trust them and
apply the patch immediately.

Comments?

Cheers,

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
You have taken responsibility. (Fri, 11 Jan 2013 22:51:05 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 11 Jan 2013 22:51:06 GMT) (full text, mbox, link).

Message #22 received at 697580-close@bugs.debian.org (full text, mbox, reply):

Source: connman
Source-Version: 1.0-1.1

We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697580@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> (supplier of updated connman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 09 Jan 2013 15:32:22 +0100
Source: connman
Binary: connman connman-dev connman-doc
Architecture: source amd64 all
Version: 1.0-1.1
Distribution: unstable
Urgency: low
Maintainer: Alexander Sack <asac@debian.org>
Changed-By: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Description: 
 connman    - Intel Connection Manager daemon
 connman-dev - Development files for connman
 connman-doc - ConnMan documentation
Closes: 697580
Changes: 
 connman (1.0-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Include patch to fix bluetooth offline visibility
     issue CVE-2012-6459 (Closes: #697580).
Checksums-Sha1: 
 637a018296f141ee304714a5f5acd8665265daa2 2129 connman_1.0-1.1.dsc
 65a7bc11635f788313a66bd2be499fbbfb0d55b9 514832 connman_1.0.orig.tar.xz
 9b35272a91f4d9845ef5d942bc55d4c4a57af6fd 8957 connman_1.0-1.1.debian.tar.gz
 37b6457fbe8ec3c1abb85b3c979a39ef55962d60 295548 connman_1.0-1.1_amd64.deb
 0b04e5a410eb05ba1944c6f849f74399c9c8bbc4 20238 connman-dev_1.0-1.1_amd64.deb
 50bb09a54f3fca6c51b9bbf3fdc7b0da12d4bba8 40636 connman-doc_1.0-1.1_all.deb
Checksums-Sha256: 
 e35151f1507623dc8b002f370669790f4220fbfc647cac035b892afeeb00ef12 2129 connman_1.0-1.1.dsc
 627896a506f66629d288934ba7ffb16f539d74f86723c70206cfe9f4c4bcad91 514832 connman_1.0.orig.tar.xz
 475efb94e6a2d8db3d0244f8d72e809aa9e7b0ecbd2ccef80228ac4a49aaf811 8957 connman_1.0-1.1.debian.tar.gz
 4744d978844d75acf0c1eb5f94978947d562f72c3ee06255ada2d96f51327dec 295548 connman_1.0-1.1_amd64.deb
 c85cf47b43749df060a9ca28564d74f1c9d16445d3012c53f79e452b9ad5dc31 20238 connman-dev_1.0-1.1_amd64.deb
 e2497203b4997e7bd538b3c8321e3ac841004d32c94a0cc585dd5d4a6cad7af2 40636 connman-doc_1.0-1.1_all.deb
Files: 
 9bea3998c8e157cd52261e3b2531afd5 2129 net optional connman_1.0-1.1.dsc
 0424267d2c1db6fbcaa729bf23967cc4 514832 net optional connman_1.0.orig.tar.xz
 e64f5180d7e62f75e4096897e9cdab5c 8957 net optional connman_1.0-1.1.debian.tar.gz
 50e2d88b63e6c0e0de5e6bfe03473057 295548 net optional connman_1.0-1.1_amd64.deb
 9f79dac86abb035acabc97acca66280a 20238 devel optional connman-dev_1.0-1.1_amd64.deb
 336d64cea3f17be24af0c450ba2ba702 40636 doc optional connman-doc_1.0-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQ8JIFAAoJEHQmOzf1tfkTDloQAIPgZy2WmFCbN9MNl0Fxnjxq
f+WslYPqBrocu/gO/fbAEjs9WZmo6olTzvkugF/QC7gFYdJ4eWOlnqp9WUUwBn6D
nf4IGHuhybym2ZJonVoO3sDZna39Gxo8N1IrYyHyzUi/jxaSRzK84rR39UteWTfC
4ssUQRB+r9mV/IZLUgBRA6s7uKzlM9ypZjj9Q/6rZ5Y6CCtw3ayezhS+a7tJvTBR
NxUPqU1ImhXwpplmKEmM6CTHAEU6LODSGPpgReVtL2DAvhrlxPvvotVkSIy+Epol
U4slxcR2J27XL+Gjf+aJ1dlcdOdPT1/8zuBAIoFGRDQ0lFI2OUtj+KbyNFb3eg0L
xcxXkryn49beudBprU2+WREqyjTI71f7YCfj27bgDAHK3aa6dvdBOZwo8tenxCc+
jtiH9E8Bd5P0dm0oxs0zHQrf7cZJv3yz9gp1li7qnQ4NGXWCeTjw1MYHrJFOW9UG
w9PGTmjZk0z0oMYVus1xIjBr7uQW0z6cMQDZC0IL81CuDi5G9k27d1uHxjuMpJXX
62YXZybd60CvyCf9ZwsNlYraCzC2cxpKeYYQkS/fAU1zaO7d0XEdtSSQ2YzqOF0V
rQAaqUshQKc14yFbcvc6e+ZXsGLJex2VJmw9QVoBf+wo10nWB6fPjbEK79yCLLmU
eFbUHgjmKJEHxIQOPU+f
=eBOl
-----END PGP SIGNATURE-----

Reply sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
You have taken responsibility. (Sun, 20 Jan 2013 09:21:03 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 20 Jan 2013 09:21:03 GMT) (full text, mbox, link).

Message #27 received at 697580-close@bugs.debian.org (full text, mbox, reply):

Source: connman
Source-Version: 1.0-1.1+wheezy1

We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697580@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> (supplier of updated connman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 09 Jan 2013 15:32:22 +0100
Source: connman
Binary: connman connman-dev connman-doc
Architecture: source amd64 all
Version: 1.0-1.1+wheezy1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Alexander Sack <asac@debian.org>
Changed-By: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Description: 
 connman    - Intel Connection Manager daemon
 connman-dev - Development files for connman
 connman-doc - ConnMan documentation
Closes: 697580
Changes: 
 connman (1.0-1.1+wheezy1) testing-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
   * Include patch to fix bluetooth offline visibility
     issue CVE-2012-6459 (Closes: #697580).
Checksums-Sha1: 
 20b60cf7db4f5f401d0c193a0cd4c4b6241bdf12 2161 connman_1.0-1.1+wheezy1.dsc
 65a7bc11635f788313a66bd2be499fbbfb0d55b9 514832 connman_1.0.orig.tar.xz
 94df35a70fe3995eeb99c122fbc925fd0d725018 8979 connman_1.0-1.1+wheezy1.debian.tar.gz
 83aea30dd0ceedf0372a8c5a54cc74862f2ef6d3 295556 connman_1.0-1.1+wheezy1_amd64.deb
 40024a5944805640b03e1aebaf30f1fa4f30ce1d 20262 connman-dev_1.0-1.1+wheezy1_amd64.deb
 885317ade9b6504d5aa69d8b82f8ab670c9cca71 40656 connman-doc_1.0-1.1+wheezy1_all.deb
Checksums-Sha256: 
 6fdf5e6a4b0fd5a715a2e2ff50e0321c410409dd4a318ae3ef8faf8220d9d76f 2161 connman_1.0-1.1+wheezy1.dsc
 627896a506f66629d288934ba7ffb16f539d74f86723c70206cfe9f4c4bcad91 514832 connman_1.0.orig.tar.xz
 250c07618a463bd6e8bc8b2dcca3b756ac4e2d1ce8789eb1a07712c295e95048 8979 connman_1.0-1.1+wheezy1.debian.tar.gz
 99ee5c29b97e620ceb90a83be986934d9c96c3f81fcd6545f9c7e910127c827c 295556 connman_1.0-1.1+wheezy1_amd64.deb
 d07a904a99ae47d244df66af6884701ca7e6ea0ba358aa105ebc4a2b209094a0 20262 connman-dev_1.0-1.1+wheezy1_amd64.deb
 18f5112305967bc183750519ea818012441e9c88acd3d35c017cb782cc98dbdb 40656 connman-doc_1.0-1.1+wheezy1_all.deb
Files: 
 e25ee9f98d42ad0c8907f8b3faac2ba1 2161 net optional connman_1.0-1.1+wheezy1.dsc
 0424267d2c1db6fbcaa729bf23967cc4 514832 net optional connman_1.0.orig.tar.xz
 26be05d5cd77db5fae65437e496ff81e 8979 net optional connman_1.0-1.1+wheezy1.debian.tar.gz
 0f333bd5f915113292f400f5d94627f1 295556 net optional connman_1.0-1.1+wheezy1_amd64.deb
 9ae6904a5999e5d79f917d50dd633b20 20262 devel optional connman-dev_1.0-1.1+wheezy1_amd64.deb
 b0a8633b7675e9de7297577fc8495ec5 40656 doc optional connman-doc_1.0-1.1+wheezy1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQ+1C/AAoJEHQmOzf1tfkT4f0P/AlxwYEqcFY0CGGeGlv1aMjG
m/Zfu2K6C6owmLq8SiWm3y7VW+tP3HQoUsnHmFIAHxwWk/sOi7HBrewiXBq/xZVU
mB+5pf/f2Z1ShPSQoHqqwdAA72BgWsjvkmRxQEv3JvpnHXMNb9hEx8H53iv9qNtc
9y/Y9z7wtn7a/ZMGfcmmKgSMVXmoz1q7QZMbA1uLvMSBuONdFVMjF3R/FhIqdGE6
fcZnzO6EB94H7sQ7cwZ4UmpIB7RigsuLz44PKWFphNHeHXiJSe74fl95ocoS93Ev
8+ffrUNCBh4zJy6dw4hmjMljZ9pzqZ5fvr7WTqxsvmZIx9tae1AeuBn1lJVr8zjx
QI8AHOOfnjeyKKegMaVGwDyqbwWDdYXF2GReG1T5wVSkyTySX9WAgt9TtfPzFP+n
AN8DjATKFtEPnGEl+Fzp0y6Z/Hfqkn5YNcZO9j9+UgkHot5T7EVJG2ph/BtQFlnK
nCD2g8DdkEmd+wherJB8/AHvYEoQuWFx0bBWtXgNz9vL73Z3XB1Xdxay+UImlhnF
Js8HmBn80K000yt5Lo0bKGk0OWb9XfI0016xxVEDOWqeF69wlBuGNPpGZEnxRBXW
EfyfBpT+MhM1GMSFBTfn1Z+7/l/bfIXviOSK/d2O2SWCUq+qA0mbqrM3XZxbUQs3
QNZoVx1va75DmIvfShWY
=VsiZ
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 May 2013 07:59:47 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:53:50 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

connman: CVE-2012-6459

Debian Bug report logs - #697580 connman: CVE-2012-6459

Vulmon Search

About

Products

Connect

Debian Bug report logs - #697580
connman: CVE-2012-6459