Your message dated Fri, 23 Apr 2021 19:32:57 +0000 with message-id <e1la1xt-000gps...@fasolo.debian.org> and subject line Bug#981971: fixed in wpa 2:2.7+git20190128+0c1e29f-6+deb10u3 has caused the Debian Bug report #981971, regarding wpa: CVE-2021-0326: wpa_supplicant P2P group information processing vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 981971: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: wpa Version: 2:2.9.0-16 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi Details are published in the advisory at https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt Patch: https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: wpa Source-Version: 2:2.7+git20190128+0c1e29f-6+deb10u3 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of wpa, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 981...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated wpa package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 16 Apr 2021 15:07:06 +0200 Source: wpa Architecture: source Version: 2:2.7+git20190128+0c1e29f-6+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian wpasupplicant Maintainers <w...@packages.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 976106 981971 Changes: wpa (2:2.7+git20190128+0c1e29f-6+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * WPS UPnP: Do not allow event subscriptions with URLs to other networks (CVE-2020-12695) (Closes: #976106) * WPS UPnP: Fix event message generation using a long URL path (CVE-2020-12695) (Closes: #976106) * WPS UPnP: Handle HTTP initiation failures for events more properly (CVE-2020-12695) (Closes: #976106) * P2P: Fix copying of secondary device types for P2P group client (CVE-2021-0326) (Closes: #981971) * P2P: Fix a corner case in peer addition based on PD Request (CVE-2021-27803) Checksums-Sha1: 499bf9e46cc2776019cb71c7448c0a189dfc71ae 2716 wpa_2.7+git20190128+0c1e29f-6+deb10u3.dsc 6f0d7a8ef001539a7407d37529c1525b9a9b56b5 111756 wpa_2.7+git20190128+0c1e29f-6+deb10u3.debian.tar.xz Checksums-Sha256: 7011a669781d93abd9f9ee8d27bcd1011c3468e73aa059556a836c05ff793371 2716 wpa_2.7+git20190128+0c1e29f-6+deb10u3.dsc 8ed6c90ec4ecf60f96b8606cc69cf3f17d5f548a56b256e6746df1f9ed342d29 111756 wpa_2.7+git20190128+0c1e29f-6+deb10u3.debian.tar.xz Files: eec6ef7cc457ffbff55cd285a00f6226 2716 net optional wpa_2.7+git20190128+0c1e29f-6+deb10u3.dsc e242439ace3a3c6731a32afd4a590e43 111756 net optional wpa_2.7+git20190128+0c1e29f-6+deb10u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmB5jbBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EaTYP/jpR8LBmhtf7bbhGkFyCn94E2OC3DI8C XzLP+692U1K3fpveHwV2yS+cXBjsQtS5SdBKzwcyIHyrGhWxv+cd+6bIxb5tvDXx unzb3rmBuQsmOjlqlceiUUxpFzITzq/KRq2wzI0HS1XCBjBJl9GIwoMgGRWxqbZC bKO99VyTux5wcPPfLIC6OHuoFBiP9z864txIGcXKdXgcWnY8uhhv6hbNI+jDf74u rTcAASGhPst+AFWokmdhrkApSmN7MB5jeQLXFYW9SdbEr58bQ+4Yf57qMcI/GcJt Baf2A1PXqG7Z0tmiW7p2/wVOQCVNUEyIP1fd7a2dqONrai14dp36DNtMHpFU2g0i Pfj61FOlqCa1ln20b6Cid+T2X6ownd5rPN6aEUBhRjNnoZ4cCHyjG208lXghOCcf zZyQVzBhTxQLli2mA1mEdgwIZp5wugbrFgLszeLFdAwgwzUoX7BI9zJ5UFjHLoJE BOitXlv7YorJmOHGJl+b9X9PqLgBJDJ1NB2C1eUUSLy4S5dumvRkYimoP1+jb9zx AZjK/4k7bALlmMWSuhgzA2Iwh3jUVaERGHvxc8IrEv8Rjakfj1jdSvU7nbL/MprV BpGU74WnEN8bMTHanULVNaJJcp0FjE0KebL2+Ni//KDayjSDjptNpaXFeNfhYGG8 OqadRamYCxWQ =cdV1 -----END PGP SIGNATURE-----
--- End Message ---
