[Pkg-utopia-maintainers] Bug#783295: network-manager: CVE-2015-2924: IPv6 Hop limit lowering via RA messages
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 20 15:25:31 UTC 2016
Hi Michael,
Thanks for your reply.
On Wed, Jan 20, 2016 at 04:01:22PM +0100, Michael Biebl wrote:
> On Sat, 25 Apr 2015 15:08:19 +0200 Salvatore Bonaccorso
> <carnil at debian.org> wrote:
> > Source: network-manager
> > Version: 0.9.10.0-7
> > Severity: normal
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for network-manager.
> >
> > CVE-2015-2924[0]:
> > IPv6 Hop limit lowering via RA messages
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2015-2924
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1209902
> >
> > Please adjust the affected versions in the BTS as needed.
>
> The current versions in unstable/testing are not affected (fixed in
> 1.0.2, marked accordingly)
Thanks I have updated the security-tracker accordingly.
> Do you consider this issue important enough for a stable-security
> upload?
We think it's not needed to release a fix via a DSA for it, but if you
can, a fix via a stable point release would be great. Cf. the 'no-dsa'
tag in https://security-tracker.debian.org/tracker/CVE-2015-2924 .
Regards and thanks for your work,
Salvatore
More information about the Pkg-utopia-maintainers
mailing list