There are 3 open security issues in bullseye.
3 issues left for the package maintainer to handle:
- CVE-2022-23096:
(needs triaging)
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
- CVE-2022-23097:
(needs triaging)
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
- CVE-2022-23098:
(needs triaging)
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
You can find information about how to handle these issues in the security team's documentation.