* CVE-2021-26675: "The commit fixes a stack buffer overflow that can be used to execute code by network adjacent attackers." Patch 1: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb * CVE-2021-26676: "Remote stack information leak which can be used to help execute CVE-2021-26675 reliably." Patch 1: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 Patch 2: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa --- Please apply these patches as soon as possible.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=300b4180d98af2f92b3f678c60d35d0d00ca699e commit 300b4180d98af2f92b3f678c60d35d0d00ca699e Author: Ben Kohler <bkohler@gentoo.org> AuthorDate: 2021-02-08 13:35:52 +0000 Commit: Ben Kohler <bkohler@gentoo.org> CommitDate: 2021-02-08 13:36:11 +0000 net-misc/connman: new snapshot Bug: https://bugs.gentoo.org/769491 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Ben Kohler <bkohler@gentoo.org> net-misc/connman/Manifest | 1 + net-misc/connman/connman-1.38_p20210205.ebuild | 102 +++++++++++++++++++++++++ 2 files changed, 103 insertions(+)
(In reply to Larry the Git Cow from comment #1) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=300b4180d98af2f92b3f678c60d35d0d00ca699e > > commit 300b4180d98af2f92b3f678c60d35d0d00ca699e > Author: Ben Kohler <bkohler@gentoo.org> > AuthorDate: 2021-02-08 13:35:52 +0000 > Commit: Ben Kohler <bkohler@gentoo.org> > CommitDate: 2021-02-08 13:36:11 +0000 > > net-misc/connman: new snapshot > > Bug: https://bugs.gentoo.org/769491 > Package-Manager: Portage-3.0.14, Repoman-3.0.2 > Signed-off-by: Ben Kohler <bkohler@gentoo.org> > > net-misc/connman/Manifest | 1 + > net-misc/connman/connman-1.38_p20210205.ebuild | 102 > +++++++++++++++++++++++++ > 2 files changed, 103 insertions(+) Well, 2.39 seems to have been cut not long after the snapshot (the release is one commit later). Please proceed with stabilization.
Figures =) I'll go ahead and bump to 1.39 now
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=395c4bdf42044d49bb0eeaf67d77d8307cab4403 commit 395c4bdf42044d49bb0eeaf67d77d8307cab4403 Author: Ben Kohler <bkohler@gentoo.org> AuthorDate: 2021-02-08 14:52:02 +0000 Commit: Ben Kohler <bkohler@gentoo.org> CommitDate: 2021-02-08 14:52:16 +0000 net-misc/connman: bump to 1.39, drop unneeded snapshot Bug: https://bugs.gentoo.org/769491 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Ben Kohler <bkohler@gentoo.org> net-misc/connman/Manifest | 2 +- .../connman/{connman-1.38_p20210205.ebuild => connman-1.39.ebuild} | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-)
amd64 done
*** Bug 769866 has been marked as a duplicate of this bug. ***
x86 done
ppc done
ppc64 done
arm done
arm64 done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be41f4372169c62a8f4a12da2b4dacd67f3b5ce4 commit be41f4372169c62a8f4a12da2b4dacd67f3b5ce4 Author: Ben Kohler <bkohler@gentoo.org> AuthorDate: 2021-02-18 13:50:58 +0000 Commit: Ben Kohler <bkohler@gentoo.org> CommitDate: 2021-02-18 13:51:14 +0000 net-misc/connman: drop old Bug: https://bugs.gentoo.org/769491 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Ben Kohler <bkohler@gentoo.org> net-misc/connman/Manifest | 1 - net-misc/connman/connman-1.38.ebuild | 100 ----------------------------------- 2 files changed, 101 deletions(-)
Thank you!
GLSA request filed.
This issue was resolved and addressed in GLSA 202107-29 at https://security.gentoo.org/glsa/202107-29 by GLSA coordinator Sam James (sam_c).