connman: CVE-2021-33833: dnsproxy: Check the length of buffers before memcpy

Related Vulnerabilities: CVE-2021-33833  

Debian Bug report logs - #989662
connman: CVE-2021-33833: dnsproxy: Check the length of buffers before memcpy

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 9 Jun 2021 17:21:02 UTC

Severity: grave

Tags: patch, pending, security, upstream

Found in versions connman/1.36-2.1, connman/1.36-2.1~deb10u1



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Alexander Sack <asac@debian.org>:
Bug#989662; Package src:connman. (Wed, 09 Jun 2021 17:21:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Alexander Sack <asac@debian.org>. (Wed, 09 Jun 2021 17:21:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: connman: CVE-2021-33833: dnsproxy: Check the length of buffers before memcpy
Date: Wed, 09 Jun 2021 19:16:39 +0200
Source: connman
Version: 1.36-2.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 1.36-2.1~deb10u1

Hi,

The following vulnerability was published for connman. Choosing RC
severity to make sure the fix lands in bullseye.

CVE-2021-33833[0]:
| dnsproxy: Check the length of buffers before memcpy

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33833
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33833
[1] https://www.openwall.com/lists/oss-security/2021/06/09/1
[2] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c

Regards,
Salvatore



Marked as found in versions connman/1.36-2.1~deb10u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Wed, 09 Jun 2021 17:21:04 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Alexander Sack <asac@debian.org>:
Bug#989662; Package src:connman. (Wed, 09 Jun 2021 19:09:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Alexander Sack <asac@debian.org>. (Wed, 09 Jun 2021 19:09:05 GMT).


Message #12 received at 989662@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 989662@bugs.debian.org
Cc: Alf Gaida <agaida@siduction.org>
Subject: connman: diff for NMU version 1.36-2.2
Date: Wed, 9 Jun 2021 21:05:29 +0200
Control: tags 989662 + patch
Control: tags 989662 + pending


Dear maintainer,

I've prepared an NMU for connman (versioned as 1.36-2.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Alf, this is sort of not respecting the rules for NMU, my goal here
would be to make it possible to make as well an update for buster in
time. So if you agree I would even shorten the delay.

If you want to override the upload this is obviously perfectly fine!

Regards,
Salvatore
[connman-1.36-2.2-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to 989662-submit@bugs.debian.org. (Wed, 09 Jun 2021 19:09:05 GMT).


Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 989662-submit@bugs.debian.org. (Wed, 09 Jun 2021 19:09:06 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jun 10 16:14:03 2021; Machine Name: buxtehude
