Debian Bug report logs -
#986809
CVE-2021-20297
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 12 Apr 2021 10:15:01 UTC
Severity: important
Tags: security, upstream
Found in version network-manager/1.28.0-2
Fixed in version network-manager/1.30.0-2
Done: Michael Biebl <biebl@debian.org>
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#986809; Package network-manager.
(Mon, 12 Apr 2021 10:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>.
(Mon, 12 Apr 2021 10:15:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: network-manager
Version: 1.28.0-2+b1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Original report, somewhat short of details:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20297
(https://bugzilla.redhat.com/show_bug.cgi?id=1942741 is not public)
Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 12 Apr 2021 11:48:08 GMT) (full text, mbox, link).
Reply sent
to Michael Biebl <biebl@debian.org>:
You have taken responsibility.
(Mon, 12 Apr 2021 19:51:07 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Mon, 12 Apr 2021 19:51:08 GMT) (full text, mbox, link).
Message #12 received at 986809-close@bugs.debian.org (full text, mbox, reply):
Source: network-manager
Source-Version: 1.30.0-2
Done: Michael Biebl <biebl@debian.org>
We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 986809@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated network-manager package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 12 Apr 2021 21:15:36 +0200
Source: network-manager
Architecture: source
Version: 1.30.0-2
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Closes: 986809
Changes:
network-manager (1.30.0-2) unstable; urgency=medium
.
* core: fix crash in nm_wildcard_match_check()
(CVE-2021-20297, Closes: #986809)
Checksums-Sha1:
9ec6893ea8e975287613f1e804806ca9598b7e86 3088 network-manager_1.30.0-2.dsc
79184c93741a73353dc233908b5254e1482e96e9 47364 network-manager_1.30.0-2.debian.tar.xz
43f035866001fcc7997d1c732412298e85e57583 8572 network-manager_1.30.0-2_source.buildinfo
Checksums-Sha256:
d6c94fa00f4bd99dc6f89b17e7d1560af96f78a07847432aaf12d11e07a36189 3088 network-manager_1.30.0-2.dsc
407aedec06aa8ec23bfce51e7cb51219c364e3ce7c3845a17afa62940e69da83 47364 network-manager_1.30.0-2.debian.tar.xz
91ae8192374b3e63b0e4358aab45d2af064753a8d9a1a959a9eed28d96d41897 8572 network-manager_1.30.0-2_source.buildinfo
Files:
c69af770926b89ae156206ca64638cc3 3088 net optional network-manager_1.30.0-2.dsc
523bbe52c7250c83e714c1a151bb8dc9 47364 net optional network-manager_1.30.0-2.debian.tar.xz
57edf6f7b354cbead85488be9e0fc8a6 8572 net optional network-manager_1.30.0-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmB0ntIACgkQauHfDWCP
ItzHMA/+MG85CBMSwgL5hsjttcpRqDHeZZ0t3e2eQjAQQ1fXznmbZfXaooxYsVOi
P4P35KQP6+DP2qrFW09yBacfWt2bDIsOzvJ0LMI+EZTe151CRiwQvuabp9QTzLcc
LfuxSa9vkg1zWU5lZVf6ukNTM/ggIoJwKTljkozNroRDvkTEusw6aZdJsXmWbtG9
9FoIf47XdEzvqHVfzIMMU21thZ2lqWai1m5gAPcb9RuLFq0Ar6hkTqjpyRAV7zGu
t+jePThrR0K7nSd3Gp2Kx/Fc15rQ+EPnbvwjFndL2vc5Lp6S9S4/k2MTUqtNofg2
1lIBcuj3uzlcTJ0W8nUWaxbknOB8lJPX7YDUwpNHQR+ExTlfSt6ktd8amn+BI/0J
ouAsdYMT6p27yH0oTKr5aqJptG6kmOjoNipENUHcddOOa3bnHcspF6je4nS7Subo
CUw64q6nyVwqMGt7x58IhjIRCxY6JbjyjhWKV9r8495vC+6C/FJ2mkSFjd+un42L
1G+hVNyCHBNkNa3wUGZlQ1JD3zqGWLI9b9LO6yS4G3lIV41k7ejYN2wceZ1Tn6vd
ouUv2Dj+ZEDDxUuCfQ81qDQdBM06nKUK1f+9E4JA8m4IbDwqxTUB5bvtWSR2vqz2
aEzOOqSbDGMWSJgxi0096hA2NuH8ajlRuvUmHvtVlxRGICW1a70=
=X80l
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Apr 13 08:07:10 2021;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon