Debian Package Tracker - network-manager

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

Please fix it.

Created: 2019-07-07 Last update: 2019-10-09 07:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

Please fix it.

Created: 2015-07-12 Last update: 2019-10-09 07:00

8 bugs tagged patch in the BTS normal

The BTS contains patches fixing 8 bugs (9 if counting merged bugs), consider including or untagging them.

Created: 2019-04-01 Last update: 2019-10-20 08:07

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-10-06 Last update: 2019-10-06 01:16

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

Please fix it.

Created: 2017-06-18 Last update: 2019-10-09 07:00

5 ignored security issues in jessie low

There are 5 open security issues in jessie.

5 issues skipped by the security teams:

CVE-2018-1000135: GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.
CVE-2012-1096:
CVE-2015-2924: The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
CVE-2015-0272: GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVE-2016-0764: Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

Please fix them.

Created: 2015-07-12 Last update: 2019-10-09 07:00

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2018-1000135: GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.
CVE-2012-1096:

Please fix them.

Created: 2015-07-12 Last update: 2019-10-09 07:00

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-07-04 Last update: 2018-07-04 08:16

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-10-04 07:51