rcn-ee / repos

repos.rcn-ee.com
41 stars 30 forks source link

Upgrade Connman to 1.39 for Ubuntu 18.04 #50

Open adubois1337 opened 3 years ago

adubois1337 commented 3 years ago

There are two CVEs out against Connman versions <1.39 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26676 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26675) and it looks like https://github.com/rcn-ee/repos/tree/master/ubuntu-1804-connman is version 1.36.

Is it possible to upgrade Connman to version 1.39?

RobertCNelson commented 3 years ago

Ah, crap, looks like the maintainer stopped working on it..

https://tracker.debian.org/pkg/connman

adubois1337 commented 3 years ago

I sent the maintainer an email. Is there anything else you recommend I do to get this resolved?

RobertCNelson commented 3 years ago

Let's wait to see what his plan is.. i use connman in everything, so if he's not interested, i'll start working on packging it for us..

adubois1337 commented 3 years ago

The primary maintainer asked me to file a bug report (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988198) as he is not doing much work on Connman anymore and there is someone else in the community who is doing more work. The tracker seems fairly out of date at this point. I'll defer to you on how long we want to give them, but I'm not holding my breath for much movement on their end.

adubois1337 commented 3 years ago

I haven't heard anything on the package maintainer's side after I submitted the report. Would it be possible to put this issue on your backlog then?

RobertCNelson commented 3 years ago

thanks for reporting it @adubois1337 i'll start to switch it to mainline connman. ;)