[pkg-wicd-maint] Bug#901592: wicd-daemon: please remove the vulnerable dhcpcd5 from the OR'ed dependencies
Vincent Lefevre vincent at vinc17.net
Fri Jun 15 09:26:13 BST 2018

Package: wicd-daemon
Version: 1.7.4+tb2-6
Severity: serious
Tags: security

Due to bug 852343, wicd-daemon now depends on
  dhcpcd5 | isc-dhcp-client | pump | udhcpc
but dhcpcd5 has been vulnerable since at least 2014:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846938
(dhcpcd5: CVE-2014-7913). And as a consequence, wicd has now been
removed from testing:
  https://tracker.debian.org/news/965137/wicd-removed-from-testing/
------------------------------------------------------------------
FYI: The status of the wicd source package
in Debian's testing distribution has changed.
  Previous version: 1.7.4+tb2-6
  Current version:  (not in testing)
  Hint: <https://release.debian.org/britney/hints/auto-removals>
    Bug #846938: dhcpcd5: CVE-2014-7913
    # in dhcpcd5
------------------------------------------------------------------
The unnecessary dependency on dhcpcd5 should be removed.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages wicd-daemon depends on:
ii  adduser           3.117
ii  dbus              1.12.8-3
ii  debconf           1.5.67
ii  iputils-ping      3:20161105-1
ii  isc-dhcp-client   4.3.5-4
ii  lsb-base          9.20170808
ii  psmisc            23.1-1+b1
ii  python            2.7.15-3
ii  python-dbus       1.2.8-2
ii  python-gobject-2  2.28.6-13+b1
ii  python-wicd       1.7.4+tb2-6+local1
ii  wireless-tools    30~pre9-12+b1
ii  wpasupplicant     2:2.6-17
Versions of packages wicd-daemon recommends:
ii  rfkill                     2.32-0.1
ii  wicd-curses [wicd-client]  1.7.4+tb2-6+local1
ii  wicd-gtk [wicd-client]     1.7.4+tb2-6+local1
Versions of packages wicd-daemon suggests:
pn  pm-utils  <none>
Versions of packages wicd depends on:
ii  wicd-curses [wicd-client]  1.7.4+tb2-6+local1
ii  wicd-gtk [wicd-client]     1.7.4+tb2-6+local1
Versions of packages wicd-gtk depends on:
ii  python         2.7.15-3
ii  python-glade2  2.24.0-5.1+b1
ii  python-gtk2    2.24.0-5.1+b1
Versions of packages wicd-gtk recommends:
ii  menu           2.1.47+b1
ii  policykit-1    0.105-20
ii  python-notify  0.1.1-4
Versions of packages wicd-curses depends on:
ii  python        2.7.15-3
ii  python-urwid  2.0.1-2
Versions of packages wicd-curses recommends:
ii  sudo  1.8.23-1
Versions of packages python-wicd depends on:
ii  net-tools  1.60+git20161116.90da8a0-2
ii  python     2.7.15-3
Versions of packages python-wicd suggests:
ii  ethtool   1:4.16-1
ii  iproute2  4.16.0-4
-- Configuration Files:
/etc/wicd/encryption/templates/active changed [not included]
-- debconf information excluded
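
An added example, not part of the original report or of the wicd packaging: a small audit that parses a Depends field and reports every OR group naming a flagged package, along with the alternatives that would remain if it were dropped. The sample field is constructed (only the DHCP-client group is taken from the report), and the function names are hypothetical.

```python
import re

# Constructed sample Depends field. Only the DHCP-client OR group comes from
# the bug report; the other entries and version constraints are illustrative.
SAMPLE_DEPENDS = (
    "adduser, dbus, debconf (>= 0.5) | debconf-2.0, "
    "dhcpcd5 | isc-dhcp-client | pump | udhcpc, "
    "python (>= 2.7), wpasupplicant"
)

def parse_depends(field):
    """Split a Depends field into groups of alternative package names."""
    groups = []
    for clause in field.split(","):
        alts = []
        for alt in clause.split("|"):
            # Drop version constraints, architecture lists and build profiles.
            name = re.sub(r"\(.*?\)|\[.*?\]|<.*?>", "", alt).strip()
            name = name.split(":")[0]  # drop a ":any" style qualifier
            if name:
                alts.append(name)
        if alts:
            groups.append(alts)
    return groups

def audit(field, flagged):
    """Report each dependency group that names a flagged package."""
    findings = []
    for alts in parse_depends(field):
        hits = [a for a in alts if a in flagged]
        if not hits:
            continue
        remaining = [a for a in alts if a not in flagged]
        findings.append({
            "flagged": hits,
            "remaining": remaining,
            # The first alternative is the one apt installs by default
            # when none of the alternatives is already present.
            "first_choice": alts[0] in flagged,
            # No alternative left: removing the package breaks the dependency.
            "hard": not remaining,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEPENDS, {"dhcpcd5"}):
        print(finding)
```

A finding with "first_choice" set and "hard" unset matches the situation in this report: the flagged package is the default pick, yet the group stays satisfiable without it.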