Your message dated Thu, 08 Aug 2019 14:55:52 +0000 with message-id <e1hvjpy-000gwb...@fasolo.debian.org> and subject line Bug#934180: fixed in wpa 2:2.9-1 has caused the Debian Bug report #934180, regarding wpa: CVE-2019-13377: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 934180: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934180 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: wpa Version: 2:2.8-3 Severity: grave Tags: security upstream Hi, The following vulnerability was published for wpa. CVE-2019-13377[0]: | Timing-based side-channel attack against WPA3's Dragonfly handshake when using | Brainpool curves If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-13377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377 [1] https://w1.fi/security/2019-6/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: wpa Source-Version: 2:2.9-1 We believe that the bug you reported is fixed in the latest version of wpa, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 934...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andrej Shadura <andre...@debian.org> (supplier of updated wpa package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Aug 2019 15:59:02 +0200 Source: wpa Architecture: source Version: 2:2.9-1 Distribution: unstable Urgency: high Maintainer: Debian wpasupplicant Maintainers <w...@packages.debian.org> Changed-By: Andrej Shadura <andre...@debian.org> Closes: 934180 Changes: wpa (2:2.9-1) unstable; urgency=high . * New upstream release (Closes: #934180): - SECURITY UPDATE (CVE-2019-13377): Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves. More details: + https://w1.fi/security/2019-6/ + https://wpa3.mathyvanhoef.com/ * Drop a patch applied upstream. * Update debian/watch. . wpa (2:2.8+git20190713+b8491ae-1) experimental; urgency=medium . * Upload to experimental. * New upstream snapshot. * Drop patches applied upstream. Checksums-Sha1: e92e228c035587c9d2e5a2bf28816fb68753516d 2149 wpa_2.9-1.dsc 8c4bafede40b32890ab65ac120e1c24757878248 2347080 wpa_2.9.orig.tar.xz 0bd1e79672aa97229f8b29a5fa3ae75a9f543278 81256 wpa_2.9-1.debian.tar.xz Checksums-Sha256: 5c376181560e4b0516df12fb1b91812c951b578bf26f9cdf1cc8f1632f1e8b29 2149 wpa_2.9-1.dsc 4032da92d97cb555053d94d514d590d0ce066ca13ba5ef144063450bc56161a7 2347080 wpa_2.9.orig.tar.xz 114e280692d9b36178d45e8ce51985685dec7066715fb9ead9c30d88e101bbdf 81256 wpa_2.9-1.debian.tar.xz Files: d89d939c6114f1133de73c335b686293 2149 net optional wpa_2.9-1.dsc 132953a85df36d0fca4df129b036ca06 2347080 net optional wpa_2.9.orig.tar.xz 77696ab66c988d275f72ffc38f65799b 81256 net optional wpa_2.9-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl1MK6gACgkQXkCM2RzY OdLuVAgAv4Haic7iE8hQDuJgYZUt37RvM+pGHBL+KvSykvLf0YAnXOd3zBF6NghD p4dFs8oODVDnM1pqCnJUIo5bpqauf/tJPz7ueNAUktBL1bOaxxSgDFH2WozXChfw 23RjW379wzvEEOOLSYNPNkvobZldakrk+wrgt9sygr+9uJjpX5ew453m749Ex2Ea WXLIh7fY52nFsEWGfv//kzjSNQcd36YFy2AQJhcvxe9gYJv4E4FJkHo6DBKss35Z 09d0ggmpAFHCk6gQXljxnIcILkr0h6EbdIuK7zdP+5NMruDZRUkPWaxpk1GVf3kH 5k5wiCA02OUkZj0O+vGsyH8zNJniOw== =yZda -----END PGP SIGNATURE-----
--- End Message ---
