[{"id":1759690,"web_url":"http://patchwork.ozlabs.org/comment/1759690/","msgid":"<20170829231211.716e5591@windsurf.lan>","list_archive_url":null,"date":"2017-08-29T21:12:11","subject":"Re: [Buildroot] [PATCH] connman: security bump to version 1.35","submitter":{"id":2230,"url":"http://patchwork.ozlabs.org/api/people/2230/","name":"Thomas Petazzoni","email":"thomas.petazzoni@free-electrons.com"},"content":"Hello,\n\nOn Mon, 28 Aug 2017 21:16:51 +0300, Baruch Siach wrote:\n> Fixes CVE-2017-12865: stack overflow in dns proxy feature.\n> \n> Cc: Martin Bark \n> Signed-off-by: Baruch Siach \n> ---\n> package/connman/connman.hash | 2 +-\n> package/connman/connman.mk | 2 +-\n> 2 files changed, 2 insertions(+), 2 deletions(-)\n\nApplied to master, thanks. I have to say I was a bit surprised to not\nsee this CVE mentioned on the Connman page about the 1.35 release. But\nindeed, Debian says it has been fixed in 1.35, and there is a fix for a\ncrash in dnsproxy.c, which matches the CVE.\n\nUpstream could be a little bit clearer though. Or maybe the CVE was\nfilled after 1.35 was released ?\n\nThomas","headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.137; helo=fraxinus.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=)","Received":["from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhhD46M8nz9s06\n\tfor ;\n\tWed, 30 Aug 2017 07:12:20 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id C15C087624;\n\tTue, 29 Aug 2017 21:12:16 +0000 (UTC)","from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id zAWTGRzWWPoV; Tue, 29 Aug 2017 21:12:15 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id D9583868AA;\n\tTue, 29 Aug 2017 21:12:14 +0000 (UTC)","from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\tby ash.osuosl.org (Postfix) with ESMTP id 285241C0762\n\tfor ;\n\tTue, 29 Aug 2017 21:12:13 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 1FC8D8845F\n\tfor ;\n\tTue, 29 Aug 2017 21:12:13 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id nU9+5xH0f2eD for ;\n\tTue, 29 Aug 2017 21:12:12 +0000 (UTC)","from mail.free-electrons.com (mail.free-electrons.com [62.4.15.54])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 7AA468814C\n\tfor ; Tue, 29 Aug 2017 21:12:12 +0000 (UTC)","by mail.free-electrons.com (Postfix, from userid 110)\n\tid B29D921F69; Tue, 29 Aug 2017 23:12:10 +0200 (CEST)","from windsurf.lan (LFbn-1-15133-129.w86-206.abo.wanadoo.fr\n\t[86.206.239.129])\n\tby mail.free-electrons.com (Postfix) with ESMTPSA id 853F421F66;\n\tTue, 29 Aug 2017 23:12:10 +0200 (CEST)"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","Date":"Tue, 29 Aug 2017 23:12:11 +0200","From":"Thomas Petazzoni ","To":"Baruch Siach ","Message-ID":"<20170829231211.716e5591@windsurf.lan>","In-Reply-To":"<90e8969c73a1c0e21f3c2f060d590de9172853c1.1503944211.git.baruch@tkos.co.il>","References":"<90e8969c73a1c0e21f3c2f060d590de9172853c1.1503944211.git.baruch@tkos.co.il>","Organization":"Free Electrons","X-Mailer":"Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-redhat-linux-gnu)","MIME-Version":"1.0","Cc":"buildroot@busybox.net, Martin Bark ","Subject":"Re: [Buildroot] [PATCH] connman: security bump to version 1.35","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" "}},{"id":1764016,"web_url":"http://patchwork.ozlabs.org/comment/1764016/","msgid":"<87shg0f5bo.fsf@dell.be.48ers.dk>","list_archive_url":null,"date":"2017-09-06T11:13:15","subject":"Re: [Buildroot] [PATCH] connman: security bump to version 1.35","submitter":{"id":42365,"url":"http://patchwork.ozlabs.org/api/people/42365/","name":"Peter Korsgaard","email":"peter@korsgaard.com"},"content":">>>>> \"Baruch\" == Baruch Siach writes:\n\n > Fixes CVE-2017-12865: stack overflow in dns proxy feature.\n > Cc: Martin Bark \n > Signed-off-by: Baruch Siach \n\nCommitted to 2017.02.x, thanks.","headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.133; helo=hemlock.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"hmT7K0Fd\"; dkim-atps=neutral"],"Received":["from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xnLYW1M4Sz9s9Y\n\tfor ;\n\tWed, 6 Sep 2017 21:13:35 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 8356589AA7;\n\tWed, 6 Sep 2017 11:13:29 +0000 (UTC)","from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id pc5jk8azXXry; Wed, 6 Sep 2017 11:13:27 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id CC4E589A79;\n\tWed, 6 Sep 2017 11:13:27 +0000 (UTC)","from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\tby ash.osuosl.org (Postfix) with ESMTP id B73D01C097A\n\tfor ;\n\tWed, 6 Sep 2017 11:13:25 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id B1FFE81655\n\tfor ;\n\tWed, 6 Sep 2017 11:13:25 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id xcgyGLsxLZaL for ;\n\tWed, 6 Sep 2017 11:13:24 +0000 (UTC)","from mail-wm0-f45.google.com (mail-wm0-f45.google.com\n\t[74.125.82.45])\n\tby whitealder.osuosl.org (Postfix) with ESMTPS id 5AF60814AE\n\tfor ; Wed, 6 Sep 2017 11:13:24 +0000 (UTC)","by mail-wm0-f45.google.com with SMTP id i145so28207165wmf.1\n\tfor ; Wed, 06 Sep 2017 04:13:24 -0700 (PDT)","from dell.be.48ers.dk ([91.183.172.93])\n\tby smtp.gmail.com with ESMTPSA id 5sm2151751wrb.9.2017.09.06.04.13.20\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tWed, 06 Sep 2017 04:13:20 -0700 (PDT)","from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from )\n\tid 1dpYGh-0005r3-F3; Wed, 06 Sep 2017 13:13:15 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:references:date:in-reply-to:message-id\n\t:user-agent:mime-version;\n\tbh=kS7JmIj43HbZW0BDtCtu1ihJok+7gBzPQFuDNxyp3ew=;\n\tb=hmT7K0FdKcznbmsyJOd4uJQOatwBVL/KI0kjHjeI3uGT94mu9hx+oK2Qo/bXA9t8OD\n\t9OVTYb3Rl4REVh+q5HaCE0w9Pz0ACaGY/g2dY6/11ucToNdAVxX+vphUFCldoqcelX3N\n\tBdVYU5FukUQxM3ubUqXzd7TMo1NWqvP6+xmToP1jscKy7r75SgahPABj6mWpP8BVONEm\n\tPke5xkW/HYICLHMAqvYRuImFvUyJo2Q6+B96rR0MB8mwKHiGxileDHoEOFxHXnxfPq7b\n\tqtOQap0g1TC6vViIZej9rLDx8feAYdVbCyLDA469SgSufAxhPvxvnygQ70wM5pmuQx1X\n\tw4+w==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:references:date\n\t:in-reply-to:message-id:user-agent:mime-version;\n\tbh=kS7JmIj43HbZW0BDtCtu1ihJok+7gBzPQFuDNxyp3ew=;\n\tb=oYASDlCPQaRzFXejLF2TTdjCsHthopvebQEpV0S8dLN3ceKqPocYbboh7d2iiVLaW5\n\tjDRa3ZvKfo3sEXeiNLoUXVt61qjXvUAVH8ZSgp3pa9QQxx9RRKwKgtt/KfH2tLMbXKJ+\n\tsmY+VJXxckU7TKR0ZbXOTPzVWBSM/U4MsBmmExs2JndXG8PypF0CLP1luRA4PFYc0cC8\n\tLlBcbWKVLQ2h3I2lT8zm24605Dk+MQO0SkRzHwTlq30S74+TghLLAjlUFL1S++1P2OJx\n\tksBRBKe4VfwxIHFREpS4NA9UNVosNJVG9JXi9gtHCn56FxpjQzEMgPmJn+SnP0X29uSd\n\tqTHQ==","X-Gm-Message-State":"AHPjjUiQmbJsX0dMp25+jbnhYEbz2fWnJPDWpdT0QQDiRhRc8GoX3F06\n\tofLRhekLEonpUQ==","X-Google-Smtp-Source":"ADKCNb6Guw6eQh62wPbipp0mef7Vov0qAqeBl1dH+Ev6Ai3ZfSzhP/qRnEQZSMtnmVtzMMHahr2e3g==","X-Received":"by 10.28.149.144 with SMTP id x138mr1342507wmd.58.1504696402332; \n\tWed, 06 Sep 2017 04:13:22 -0700 (PDT)","From":"Peter Korsgaard ","To":"Baruch Siach ","References":"<90e8969c73a1c0e21f3c2f060d590de9172853c1.1503944211.git.baruch@tkos.co.il>","Date":"Wed, 06 Sep 2017 13:13:15 +0200","In-Reply-To":"<90e8969c73a1c0e21f3c2f060d590de9172853c1.1503944211.git.baruch@tkos.co.il>\n\t(Baruch Siach's message of \"Mon, 28 Aug 2017 21:16:51 +0300\")","Message-ID":"<87shg0f5bo.fsf@dell.be.48ers.dk>","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)","MIME-Version":"1.0","Cc":"buildroot@busybox.net, Martin Bark ","Subject":"Re: [Buildroot] [PATCH] connman: security bump to version 1.35","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" "}}]