Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation

Hi Julian, On Mon, Oct 26, 2015 at 02:30:39PM +0100, Julian Wollrath wrote: > Hi Salvatore, > > Am Sun, 25 Oct 2015 16:14:56 +0100 > schrieb Salvatore Bonaccorso : > > > Hi Julian, > > > > On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote: > > > +wpa

Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation

Hi Salvatore, Am Sun, 25 Oct 2015 16:14:56 +0100 schrieb Salvatore Bonaccorso : > Hi Julian, > > On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote: > > +wpa (2.3-1+deb8u2) jessie-security; urgency=high > > + > > + * Add fixes for http://w1.fi/security/2015-5/ >

Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation

Hi Julian, On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote: > +wpa (2.3-1+deb8u2) jessie-security; urgency=high > + > + * Add fixes for http://w1.fi/security/2015-5/ > + * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, > +CVE-2015-4145,

Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation

tags 787371 patch Hi, I attached a patch to fix these (and more) security issues for jessie. For unstable I uploaded an updated package to [1], that fixes the security issues and updates the package to upstream version 2.5. Since I am no Debian Developer, I will not be able to upload these

Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation

Source: wpa Version: 2.3-1 Severity: important Tags: security upstream fixed-upstream Hi, the following vulnerabilities were published for wpa. CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 for the EAP-pwd missing payload length validation issue[0]. If you fix the vulnerabilities