[pkg-wicd-maint] Bug#901592: wicd-daemon: please remove the vulnerable dhcpcd5 from the OR'ed dependencies

Vincent Lefevre vincent at vinc17.net
Fri Jun 15 09:26:13 BST 2018

Package: wicd-daemon
Version: 1.7.4+tb2-6
Severity: serious
Tags: security

Due to bug 852343, wicd-daemon now depends on

  dhcpcd5 | isc-dhcp-client | pump | udhcpc

but dhcpcd5 has been vulnerable since at least 2014:


(dhcpcd5: CVE-2014-7913). And as a consequence, wicd has now been
removed from testing:


FYI: The status of the wicd source package
in Debian's testing distribution has changed.

  Previous version: 1.7.4+tb2-6
  Current version:  (not in testing)
  Hint: <https://release.debian.org/britney/hints/auto-removals>
    Bug #846938: dhcpcd5: CVE-2014-7913
    # in dhcpcd5

The unnecessary dependency on dhcpcd5 should be removed.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wicd-daemon depends on:
ii  adduser           3.117
ii  dbus              1.12.8-3
ii  debconf           1.5.67
ii  iputils-ping      3:20161105-1
ii  isc-dhcp-client   4.3.5-4
ii  lsb-base          9.20170808
ii  psmisc            23.1-1+b1
ii  python            2.7.15-3
ii  python-dbus       1.2.8-2
ii  python-gobject-2  2.28.6-13+b1
ii  python-wicd       1.7.4+tb2-6+local1
ii  wireless-tools    30~pre9-12+b1
ii  wpasupplicant     2:2.6-17

Versions of packages wicd-daemon recommends:
ii  rfkill                     2.32-0.1
ii  wicd-curses [wicd-client]  1.7.4+tb2-6+local1
ii  wicd-gtk [wicd-client]     1.7.4+tb2-6+local1

Versions of packages wicd-daemon suggests:
pn  pm-utils  <none>

Versions of packages wicd depends on:
ii  wicd-curses [wicd-client]  1.7.4+tb2-6+local1
ii  wicd-gtk [wicd-client]     1.7.4+tb2-6+local1

Versions of packages wicd-gtk depends on:
ii  python         2.7.15-3
ii  python-glade2  2.24.0-5.1+b1
ii  python-gtk2    2.24.0-5.1+b1

Versions of packages wicd-gtk recommends:
ii  menu           2.1.47+b1
ii  policykit-1    0.105-20
ii  python-notify  0.1.1-4

Versions of packages wicd-curses depends on:
ii  python        2.7.15-3
ii  python-urwid  2.0.1-2

Versions of packages wicd-curses recommends:
ii  sudo  1.8.23-1

Versions of packages python-wicd depends on:
ii  net-tools  1.60+git20161116.90da8a0-2
ii  python     2.7.15-3

Versions of packages python-wicd suggests:
ii  ethtool   1:4.16-1
ii  iproute2  4.16.0-4

-- Configuration Files:
/etc/wicd/encryption/templates/active changed [not included]

-- debconf information excluded

More information about the pkg-wicd-maint mailing list