Your message dated Sat, 19 Dec 2015 12:17:40 +0000
with message-id <e1aagsc-0001qn...@franck.debian.org>
and subject line Bug#787371: fixed in wpa 1.0-3+deb7u3
has caused the Debian Bug report #787371,
regarding wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd 
missing payload length validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wpa
Version: 2.3-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for wpa.

CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 for the
"EAP-pwd missing payload length validation" issue[0].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
    https://marc.info/?l=oss-security&m=143309748931862&w=2
[1] https://security-tracker.debian.org/tracker/CVE-2015-4143
[2] https://security-tracker.debian.org/tracker/CVE-2015-4144
[3] https://security-tracker.debian.org/tracker/CVE-2015-4145
[4] https://security-tracker.debian.org/tracker/CVE-2015-4146

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: wpa
Source-Version: 1.0-3+deb7u3

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 787...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Oct 2015 12:08:04 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source amd64
Version: 1.0-3+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian/Ubuntu wpasupplicant Maintainers <pkg-wpa-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 hostapd    - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authentica
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 787371 787372 787373 795740
Changes: 
 wpa (1.0-3+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patch to address CVE-2015-4141.
     CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
     encoding. (Closes: #787372)
   * Add patch to address CVE-2015-4142.
     CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
     (Closes: #787373)
   * Add patches to address CVE-2015-4143.
     CVE-2015-4143: EAP-pwd missing payload length validation. (Closes: #787371)
   * Add patch to address 2015-5 vulnerability.
     NFC: Fix payload length validation in NDEF record parser.
     Note that this issue does not affect the binary packages distributed in
     Debian in Wheezy as CONFIG_WPS_NFC=y is not set in the build
     configuration. (Closes: #795740)


--- End Message ---
