Your message dated Mon, 02 Nov 2015 13:49:34 +0000
with message-id <e1ztfum-0004u4...@franck.debian.org>
and subject line Bug#787371: fixed in wpa 2.3-2.2
has caused the Debian Bug report #787371,
regarding wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd
missing payload length validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wpa
Version: 2.3-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for wpa.

CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 for the
"EAP-pwd missing payload length validation" issue[0].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
    https://marc.info/?l=oss-security&m=143309748931862&w=2
[1] https://security-tracker.debian.org/tracker/CVE-2015-4143
[2] https://security-tracker.debian.org/tracker/CVE-2015-4144
[3] https://security-tracker.debian.org/tracker/CVE-2015-4145
[4] https://security-tracker.debian.org/tracker/CVE-2015-4146

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wpa
Source-Version: 2.3-2.2

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 787...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Oct 2015 14:13:50 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.3-2.2
Distribution: unstable
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 787371 787372 787373 795740
Description:
 hostapd - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (2.3-2.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Add patch to address CVE-2015-4141.
     CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
     encoding. (Closes: #787372)
   * Add patch to address CVE-2015-4142.
     CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
     (Closes: #787373)
   * Add patches to address CVE-2015-414{3,4,5,6}
     CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing
     payload length validation. (Closes: #787371)
   * Add patch to address 2015-5 vulnerability.
     NFC: Fix payload length validation in NDEF record parser (Closes: #795740)
   * Thanks to Julian Wollrath <jwollr...@web.de> for the initial debdiff
     provided in #787371.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---