From $URL: A flaw was found in ConnMan 1.34 and earlier. Connman DNS-proxy feature forwards DNS queries from the localhost to an external DNS server. The DNS resonse handled from an external DNS server may cause a remote denial-of-service or possibly remote code execution if malformed. The flaw is in the lenght of the variable "name" in src/dnsproxy.c. Upstream patch: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71
Version 1.35 is now in the tree: commit 6e6adfa40771badfb21c1ff3f71aaf464b754f34 Author: Yixun Lan <dlan@gentoo.org> Date: Tue Sep 5 10:36:29 2017 +0800 net-misc/connman: version bump 1.35 Package-Manager: Portage-2.3.6, Repoman-2.3.3 Future stabilization will be done in bug 630028.
This issue was resolved and addressed in GLSA 201812-02 at https://security.gentoo.org/glsa/201812-02 by GLSA coordinator Aaron Bauman (b-man).
