Your message dated Sun, 15 Nov 2015 22:47:12 +0000
with message-id <[email protected]>
and subject line Bug#787371: fixed in wpa 2.3-1+deb8u2
has caused the Debian Bug report #787371,
regarding wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd 
missing payload length validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wpa
Version: 2.3-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for wpa.

CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 for the
"EAP-pwd missing payload length validation" issue[0].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
    https://marc.info/?l=oss-security&m=143309748931862&w=2
[1] https://security-tracker.debian.org/tracker/CVE-2015-4143
[2] https://security-tracker.debian.org/tracker/CVE-2015-4144
[3] https://security-tracker.debian.org/tracker/CVE-2015-4145
[4] https://security-tracker.debian.org/tracker/CVE-2015-4146

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: wpa
Source-Version: 2.3-1+deb8u2

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Oct 2015 10:07:44 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.3-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 787371 787372 787373 795740
Description: 
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (2.3-1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patch to address CVE-2015-4141.
     CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
     encoding. (Closes: #787372)
   * Add patch to address CVE-2015-4142.
     CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
     (Closes: #787373)
   * Add patches to address CVE-2015-414{3,4,5,6}
     CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing
     payload length validation. (Closes: #787371)
   * Add patch to address 2015-5 vulnerability.
     NFC: Fix payload length validation in NDEF record parser (Closes: #795740)
   * Add patch to address CVE-2015-5310.
     CVE-2015-5310: wpa_supplicant unauthorized WNM Sleep Mode GTK control.
Checksums-Sha1: 
 2bd8c477e68b3e50fe985ef04c86d1edf199a885 2496 wpa_2.3-1+deb8u2.dsc
 ce5177ea6587fe13dfb6626b5c54a99d86d990d5 79656 wpa_2.3-1+deb8u2.debian.tar.xz
Checksums-Sha256: 
 81ece78630a18b622e00c98bd8080be0dbe624a9a717850d61d156a8d4923763 2496 wpa_2.3-1+deb8u2.dsc
 214421d0ff41ebe0ad8f0564ecbbfde7aaf8fb92a49d69d2ba6eb38611dbaf5f 79656 wpa_2.3-1+deb8u2.debian.tar.xz
Files: 
 8f7361599ef95fdea887d17766903b76 2496 net optional wpa_2.3-1+deb8u2.dsc
 e5b886814e66c4b2ab08005385dd8ee4 79656 net optional wpa_2.3-1+deb8u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
