Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
64c1f75f by Bastien Roucariès at 2025-04-12T21:47:48+02:00
Reserve DLA-4123-1 for wpa
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -232997,7 +232997,6 @@ CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n
2.6.13 routers are vulnerable t
CVE-2022-37660 (In hostapd 2.10 and earlier, the PKEX code remains active even
after a ...)
- wpa 2:2.10-24
[bookworm] - wpa <no-dsa> (Minor issue)
- [bullseye] - wpa <postponed> (Minor issue)
NOTE: https://link.springer.com/article/10.1007/s10207-025-00988-3
NOTE: Fixed by:
https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4
(hostap_2_11)
CVE-2022-37659
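Review bot: the fix reference kept under CVE-2022-37660 points at an upstream commit tagged hostap_2_11, while the bullseye package named in data/DLA/list is 2.9-based (2:2.9.0-21+deb11u3), so the removed `[bullseye] - wpa <postponed>` line is now covered by a backport that nothing here documents. Consider adding a NOTE under this CVE saying that the upstream commit was backported for bullseye, so a later reader does not have to infer it from the version number.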
@@ -275759,14 +275758,12 @@ CVE-2022-0246 (The settings of the iQ Block Country
WordPress plugin before 1.2.
NOT-FOR-US: WordPress plugin
CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and
wpa_supplica ...)
- wpa 2:2.10-1
- [bullseye] - wpa <no-dsa> (Minor issue)
[buster] - wpa <no-dsa> (Minor issue)
[stretch] - wpa <ignored> (Minor issue)
NOTE: https://w1.fi/security/2022-1/
NOTE: Issue exists because of an incomplete fix for CVE-2019-9495
CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and
wpa_supplicant b ...)
- wpa 2:2.10-1
- [bullseye] - wpa <no-dsa> (Minor issue)
[buster] - wpa <no-dsa> (Minor issue)
[stretch] - wpa <not-affected> (CVE-2019-9494 was not applied and is
marked as ignored)
NOTE: https://w1.fi/security/2022-1/
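Review bot: the two removed `[bullseye] - wpa <no-dsa>` lines under CVE-2022-23304 and CVE-2022-23303 leave bullseye status to be derived from the DLA-4123-1 entry, yet the surrounding notes show that status for these issues depends on earlier patch sets (CVE-2022-23304 is an incomplete fix for CVE-2019-9495, and stretch is not affected by CVE-2022-23303 only because CVE-2019-9494 was never applied). A short NOTE confirming that the bullseye upload carries the complete 2022-1 fix series would make the change easier to audit.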
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Apr 2025] DLA-4123-1 wpa - security update
+ {CVE-2022-23303 CVE-2022-23304 CVE-2022-37660}
+ [bullseye] - wpa 2:2.9.0-21+deb11u3
[09 Apr 2025] DLA-4122-1 libbssolv-perl - security update
[bullseye] - libbssolv-perl 0.17-3+deb11u1
[08 Apr 2025] DLA-4121-1 phpmyadmin - security update
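Review bot: the CVE set in the new `{CVE-2022-23303 CVE-2022-23304 CVE-2022-37660}` line is wider than the scope recorded in data/dla-needed.txt, whose removed note names only CVE-2022-23303/CVE-2022-23304. The three CVEs do match the three bullseye annotations dropped from data/CVE/list, so the files agree, but the commit message could mention that CVE-2022-37660 is included so the reservation and the eventual advisory text stay in step.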
=====================================
data/dla-needed.txt
=====================================
@@ -336,11 +336,6 @@ wget (Adrian Bunk)
NOTE: 20250409: Follow fixes from bookworm 12.10 (CVE-2024-38428)
NOTE: 20250409: Also check postponed issues (Beuc/front-desk)
--
-wpa (rouca)
- NOTE: 20250409: Added by Front-Desk (Beuc)
- NOTE: 20250409: Also address pending side-channel issues
CVE-2022-23303/CVE-2022-23304 (Beuc/front-desk)
- NOTE: 20250410: Wait for review (rouca)
---
xmlrpc-c (Adrian Bunk)
NOTE: 20250411: Added by Front-Desk (Beuc)
NOTE: 20250411: See issues with old embedded expat library:
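Review bot: the removed `NOTE: 20250410: Wait for review (rouca)` line is the only record that the upload was pending review, and neither this hunk nor the commit message says how that review concluded. Suggest stating the outcome in the commit message before the wpa entry disappears from dla-needed.txt.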
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64c1f75fbe15975e547c60801d407c2ea006b7e1