Your message dated Tue, 16 Oct 2007 20:47:17 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#442387: fixed in wpasupplicant 0.6.0-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: wpasupplicant
Version: 0.6.0-3
Severity: important
Tags: patch, security
There is a stack overflow in wpa_supplicant when handling TSF info from
drivers that support it. Patch attached.
--
Kees Cook @outflux.net
#! /bin/sh /usr/share/dpatch/dpatch-run
## 50_fix_hexstr2bin_stack_overflow.dpatch by Kees Cook <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Adjust bytes to target buffer length, not source buffer length.
@DPATCH@
diff -urNad wpasupplicant-0.6.0~/src/drivers/driver_wext.c
wpasupplicant-0.6.0/src/drivers/driver_wext.c
--- wpasupplicant-0.6.0~/src/drivers/driver_wext.c 2007-05-28
10:26:55.000000000 -0700
+++ wpasupplicant-0.6.0/src/drivers/driver_wext.c 2007-09-14
23:07:24.217713592 -0700
@@ -1380,6 +1380,7 @@
wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
return;
}
+ bytes /= 2;
hexstr2bin(spos, bin, bytes);
res->tsf += WPA_GET_BE64(bin);
}
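Review bot: the return value of hexstr2bin() is still ignored on the line right after the added `bytes /= 2;`. If the TSF string contains a non-hex character, bin may be left partly unwritten and WPA_GET_BE64(bin) would then add stack contents into res->tsf. Suggest checking the result and returning, as the length check above does. Two smaller points in the same place: the halving sits after the "Invalid TSF length" check, so that check works on a character count while hexstr2bin() gets a byte count, which deserves a one-line comment or a separate variable; and an odd length is silently rounded down by the integer division, so the last hex digit is dropped without a message.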
--- End Message ---
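The unit mix-up named in the patch description (target buffer length versus source buffer length) can be closed off by making the decoder take both lengths explicitly. The following is an added example, not code from wpa_supplicant or from the original report; `hex_nibble`, `hex_decode_bounded` and `parse_tsf_hex` are hypothetical names, and the 8-byte buffer is an assumption matching a 64-bit TSF value.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not wpa_supplicant code): value of one hex digit, or -1. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Hypothetical bounded decoder: hex_len counts source characters,
 * out_cap counts destination bytes. Returns bytes written, or -1 if the
 * input is odd-length, too long for out, or contains a non-hex character.
 */
static int hex_decode_bounded(const char *hex, size_t hex_len,
                              uint8_t *out, size_t out_cap)
{
    size_t i, n;

    if (hex_len % 2 != 0)
        return -1;
    n = hex_len / 2;              /* convert characters to bytes first */
    if (n > out_cap)
        return -1;                /* then compare against the target buffer */
    for (i = 0; i < n; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return (int)n;
}

/* Parse a constructed TSF hex string into a 64-bit big-endian number. */
static int parse_tsf_hex(const char *hex, uint64_t *tsf)
{
    uint8_t bin[8];
    size_t i;
    int n = hex_decode_bounded(hex, strlen(hex), bin, sizeof(bin));

    if (n != (int)sizeof(bin))
        return -1;                /* require exactly 16 hex characters */
    *tsf = 0;
    for (i = 0; i < sizeof(bin); i++)
        *tsf = (*tsf << 8) | bin[i];
    return 0;
}
```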
--- Begin Message ---
Source: wpasupplicant
Source-Version: 0.6.0-4
We believe that the bug you reported is fixed in the latest version of
wpasupplicant, which is due to be installed in the Debian FTP archive:
wpagui_0.6.0-4_i386.deb
to pool/main/w/wpasupplicant/wpagui_0.6.0-4_i386.deb
wpasupplicant_0.6.0-4.diff.gz
to pool/main/w/wpasupplicant/wpasupplicant_0.6.0-4.diff.gz
wpasupplicant_0.6.0-4.dsc
to pool/main/w/wpasupplicant/wpasupplicant_0.6.0-4.dsc
wpasupplicant_0.6.0-4_i386.deb
to pool/main/w/wpasupplicant/wpasupplicant_0.6.0-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kel Modderman <[EMAIL PROTECTED]> (supplier of updated wpasupplicant package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 16 Oct 2007 18:12:03 +1000
Source: wpasupplicant
Binary: wpagui wpasupplicant
Architecture: source i386
Version: 0.6.0-4
Distribution: unstable
Urgency: low
Maintainer: Debian/Ubuntu wpasupplicant Maintainers <[EMAIL PROTECTED]>
Changed-By: Kel Modderman <[EMAIL PROTECTED]>
Description:
wpagui - GUI for wpa_supplicant
wpasupplicant - Client support for WPA and WPA2 (IEEE 802.11i)
Closes: 442387
Changes:
wpasupplicant (0.6.0-4) unstable; urgency=low
.
* Fix stack overflow condition that could exist if driver reported bad tsf
data in iwevent and scan results. (Closes: #442387)
* Update Vcs fields of debian/control to format of current consensus.
* Add Homepage field to debian/control.
Files:
3d0230e148b84e2ea063faba868bbb1d 1017 net optional wpasupplicant_0.6.0-4.dsc
b77ba801780dfd9726a48ba390321380 63297 net optional wpasupplicant_0.6.0-4.diff.gz
57db5655a114a60575ec758b6aa96038 229260 net optional wpasupplicant_0.6.0-4_i386.deb
675e0e54ca91a4fb87ddf3e97ed28b7c 74062 net optional wpagui_0.6.0-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Debian Powered!
iD8DBQFHFSLCmAg1RJRTSKQRAovWAJ4qeqyZavkj1iBp3+Z6Ra+cHlrhIACfU9Da
888rBNyLIgrNhxS8GmfsGEY=
=vveA
-----END PGP SIGNATURE-----
--- End Message ---