From biebl at debian.org  Thu Oct  1 17:35:24 2015
From: biebl at debian.org (Michael Biebl)
Date: Thu, 01 Oct 2015 19:35:24 +0200
Subject: [pkg-wpa-devel] Bug#800615: Please add After=dbus.service to
	systemd service file
Message-ID: <20151001173524.15803.98850.reportbug@pluto.milchstrasse.xx>

Package: wpasupplicant
Version: 2.3-2.1
Severity: normal
Tags: patch
User: pkg-systemd-maintainers at lists.alioth.debian.org
Usertags: systemd-units


wpasupplicant uses D-Bus and if the dbus service goes away, it drops any
existing connections. This is problematic on shutdown, as dbus.service
might be stopped before wpasupplicant.

Please consider adding a After=dbus.service to wpa_supplicant.service

See also the upstream discussion at
https://bugs.freedesktop.org/show_bug.cgi?id=89847#c12


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wpasupplicant depends on:
ii  adduser           3.113+nmu3
ii  libc6             2.19-22
ii  libdbus-1-3       1.10.0-3
ii  libnl-3-200       3.2.26-1
ii  libnl-genl-3-200  3.2.26-1
ii  libpcsclite1      1.8.14-1
ii  libreadline6      6.3-8+b3
ii  libssl1.0.0       1.0.2d-1
ii  lsb-base          9.20150917

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  <none>
pn  wpagui                    <none>

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpa_supplicant.diff
Type: text/x-diff
Size: 372 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20151001/de7961c7/attachment.diff>

From owner at bugs.debian.org  Tue Oct  6 15:57:09 2015
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 06 Oct 2015 15:57:09 +0000
Subject: [pkg-wpa-devel] Processed: Re:  Bug#700870: building eapol_test
References: <20151006153248.GA116393@rootmail.cc.le.ac.uk>
 <20130218170522.GH25818@rootmail.cc.le.ac.uk>
Message-ID: <handler.s.B700870.144414690813665.transcript@bugs.debian.org>

Processing control commands:

> reassign -1 wpa
Bug #700870 [wpasupplicant] building eapol_test
Bug reassigned from package 'wpasupplicant' to 'wpa'.
No longer marked as found in versions wpa/1.0-3.
Ignoring request to alter fixed versions of bug #700870 to the same values previously set
> tags -1 + patch
Bug #700870 [wpa] building eapol_test
Added tag(s) patch.

-- 
700870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700870
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From mcn4 at leicester.ac.uk  Tue Oct  6 15:32:48 2015
From: mcn4 at leicester.ac.uk (Matthew Newton)
Date: Tue, 6 Oct 2015 16:32:48 +0100
Subject: [pkg-wpa-devel] Bug#700870:  Bug#700870: building eapol_test
In-Reply-To: <201402210226.31971.s.L-H@gmx.de>
References: <20130218170522.GH25818@rootmail.cc.le.ac.uk>
 <201402210226.31971.s.L-H@gmx.de>
Message-ID: <20151006153248.GA116393@rootmail.cc.le.ac.uk>

Control: reassign -1 wpa
Control: tags -1 + patch

Hi Stefan,

On Fri, Feb 21, 2014 at 02:26:30AM +0000, Stefan Lippers-Hollmann wrote:
> On Monday 18 February 2013, Matthew Newton wrote:
> > The wpa_supplicant package contains a really useful tool,
> > eapol_test. It is not currently packaged, and it would be great if
> > this could be. Use of this, for example, often comes up on the

> At the moment, as of wpa_supplicant 1.1, this causes too many build 
> problems, e.g. right now (after fixing the first one), I'm at:
...
> I will revisit this once we've switched to wpa 2.1 (very soon), but
> won't make any promises yet; an updated and slightly fixed variant of 
> your patch is attached.

I have updated the patch again for the latest source wpa package.

This builds cleanly with sbuild on jessie and unstable, and passes
lintian checks on both (aside from warnings not from this patch).

Is this able to be added now, please?

Many thanks!

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eapoltest.patch
Type: text/x-diff
Size: 3331 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20151006/d5c9741e/attachment.patch>

From owner at bugs.debian.org  Tue Oct 13 14:39:04 2015
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 13 Oct 2015 14:39:04 +0000
Subject: [pkg-wpa-devel] Processed: severity of 787371 is grave
References: <E1Zm0TY-0006vH-Kc@inutil.org>
Message-ID: <handler.s.C.144474688611116.transcript@bugs.debian.org>

Processing commands for control at bugs.debian.org:

> severity 787371 grave
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From jwollrath at web.de  Sat Oct 24 15:04:56 2015
From: jwollrath at web.de (Julian Wollrath)
Date: Sat, 24 Oct 2015 17:04:56 +0200
Subject: [pkg-wpa-devel] Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144
	CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length
	validation
In-Reply-To: <20150531203615.21051.22900.reportbug@eldamar.local>
Message-ID: <20151024170456.0c9ec6b2@saldaea>

tags 787371 patch

Hi,

I attached a patch to fix these (and more) security issues for jessie.
For unstable I uploaded an updated package to [1], that fixes the
security issues and updates the package to upstream version 2.5.

Since I am no Debian Developer, I will not be able to upload these
updates to the archive.


Cheers,
Julian

[1] http://rbw.goe.net/jw/debian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpa_security_update.diff
Type: text/x-patch
Size: 41025 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20151024/ecbe8d93/attachment-0001.bin>

From carnil at debian.org  Sun Oct 25 15:14:56 2015
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Sun, 25 Oct 2015 16:14:56 +0100
Subject: [pkg-wpa-devel] Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144
	CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length
	validation
In-Reply-To: <20151024170456.0c9ec6b2@saldaea>
References: <20150531203615.21051.22900.reportbug@eldamar.local>
 <20151024170456.0c9ec6b2@saldaea>
Message-ID: <20151025151456.GA9815@eldamar.local>

Hi Julian,

On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> +
> +  * Add fixes for http://w1.fi/security/2015-5/
> +  * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144,
> +    CVE-2015-4145, CVE-2015-4146 (Closes: #787371).

Only looked from a changelog point of view: Please close as well the
other releated bugs in the changelog entries:

fixes for http://w1.fi/security/2015-5/ -> #795740
CVE-2015-4141 -> #787372
CVE-2015-4142 -> #787373
CVE-2015-4143 -> #787371
CVE-2015-4144 -> #787371
CVE-2015-4145 -> #787371
CVE-2015-4146 -> #787371

(you can find the information via the security-tracker, i.e.
https://security-tracker.debian.org/wpa)

The reason i filled different bug reports is that different version
ranges are affected, so that we have proper version tracking as well
for the BTS.

Thanks for having worked on that update and attached your patchset.
Hav you worked as well on wheezy?

Regards,
Salvatore


From jwollrath at web.de  Mon Oct 26 13:30:39 2015
From: jwollrath at web.de (Julian Wollrath)
Date: Mon, 26 Oct 2015 14:30:39 +0100
Subject: [pkg-wpa-devel] Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144
	CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length
	validation
In-Reply-To: <20151025151456.GA9815@eldamar.local>
References: <20150531203615.21051.22900.reportbug@eldamar.local>
 <20151024170456.0c9ec6b2@saldaea>
 <20151025151456.GA9815@eldamar.local>
Message-ID: <20151026143039.1b0eca47@saldaea>

Hi Salvatore,

Am Sun, 25 Oct 2015 16:14:56 +0100
schrieb Salvatore Bonaccorso <carnil at debian.org>:

> Hi Julian,
> 
> On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> > +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> > +
> > +  * Add fixes for http://w1.fi/security/2015-5/
> > +  * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143,
> > CVE-2015-4144,
> > +    CVE-2015-4145, CVE-2015-4146 (Closes: #787371).  
> 
> Only looked from a changelog point of view: Please close as well the
> other releated bugs in the changelog entries:
> 
> fixes for http://w1.fi/security/2015-5/ -> #795740
> CVE-2015-4141 -> #787372
> CVE-2015-4142 -> #787373
> CVE-2015-4143 -> #787371
> CVE-2015-4144 -> #787371
> CVE-2015-4145 -> #787371
> CVE-2015-4146 -> #787371
> 
> (you can find the information via the security-tracker, i.e.
> https://security-tracker.debian.org/wpa)
> 
> The reason i filled different bug reports is that different version
> ranges are affected, so that we have proper version tracking as well
> for the BTS.
ok. I can change that. Not sure though, if I have time for it today.

> 
> Thanks for having worked on that update and attached your patchset.
> Hav you worked as well on wheezy?
No I have not and I am unsure, if I have time do look at it before the
weekend.

Cheers,
Julian


From carnil at debian.org  Tue Oct 27 20:54:30 2015
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Tue, 27 Oct 2015 21:54:30 +0100
Subject: [pkg-wpa-devel] Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144
	CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length
	validation
In-Reply-To: <20151026143039.1b0eca47@saldaea>
References: <20150531203615.21051.22900.reportbug@eldamar.local>
 <20151024170456.0c9ec6b2@saldaea>
 <20151025151456.GA9815@eldamar.local>
 <20151026143039.1b0eca47@saldaea>
Message-ID: <20151027205430.GA7956@eldamar.local>

Hi Julian,

On Mon, Oct 26, 2015 at 02:30:39PM +0100, Julian Wollrath wrote:
> Hi Salvatore,
> 
> Am Sun, 25 Oct 2015 16:14:56 +0100
> schrieb Salvatore Bonaccorso <carnil at debian.org>:
> 
> > Hi Julian,
> > 
> > On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> > > +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> > > +
> > > +  * Add fixes for http://w1.fi/security/2015-5/
> > > +  * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143,
> > > CVE-2015-4144,
> > > +    CVE-2015-4145, CVE-2015-4146 (Closes: #787371).  
> > 
> > Only looked from a changelog point of view: Please close as well the
> > other releated bugs in the changelog entries:
> > 
> > fixes for http://w1.fi/security/2015-5/ -> #795740
> > CVE-2015-4141 -> #787372
> > CVE-2015-4142 -> #787373
> > CVE-2015-4143 -> #787371
> > CVE-2015-4144 -> #787371
> > CVE-2015-4145 -> #787371
> > CVE-2015-4146 -> #787371
> > 
> > (you can find the information via the security-tracker, i.e.
> > https://security-tracker.debian.org/wpa)
> > 
> > The reason i filled different bug reports is that different version
> > ranges are affected, so that we have proper version tracking as well
> > for the BTS.
> ok. I can change that. Not sure though, if I have time for it today.
> 
> > 
> > Thanks for having worked on that update and attached your patchset.
> > Hav you worked as well on wheezy?
> No I have not and I am unsure, if I have time do look at it before the
> weekend.

I will tentatively look into it soon in the next few days as well.

Regards,
Salvatore


From carnil at debian.org  Sat Oct 31 13:32:50 2015
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Sat, 31 Oct 2015 14:32:50 +0100
Subject: [pkg-wpa-devel] Bug#787371: wpa: diff for NMU version 2.3-2.2
Message-ID: <20151031133250.GA31587@elende.valinor.li>

Control: tags 787371 + patch
Control: tags 787371 + pending
Control: tags 787372 + patch
Control: tags 787372 + pending
Control: tags 787373 + patch
Control: tags 787373 + pending
Control: tags 795740 + pending

Dear maintainer,

I've prepared an NMU for wpa (versioned as 2.3-2.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpa-2.3-2.2-nmu.diff
Type: text/x-diff
Size: 21450 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20151031/ea59480a/attachment.diff>

From owner at bugs.debian.org  Sat Oct 31 13:33:22 2015
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 31 Oct 2015 13:33:22 +0000
Subject: [pkg-wpa-devel] Processed: wpa: diff for NMU version 2.3-2.2
References: <20151031133250.GA31587@elende.valinor.li>
 <20150531203615.21051.22900.reportbug@eldamar.local>
Message-ID: <handler.s.B787371.144629837921833.transcript@bugs.debian.org>

Processing control commands:

> tags 787371 + patch
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Added tag(s) patch.
> tags 787371 + pending
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Added tag(s) pending.
> tags 787372 + patch
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Added tag(s) patch.
> tags 787372 + pending
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Added tag(s) pending.
> tags 787373 + patch
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Added tag(s) patch.
> tags 787373 + pending
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Added tag(s) pending.
> tags 795740 + pending
Bug #795740 [src:wpa] wpa: Incomplete WPS and P2P NFC NDEF record payload length validation
Added tag(s) pending.

-- 
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
787372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372
787373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373
795740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From owner at bugs.debian.org  Sat Oct 31 13:33:24 2015
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 31 Oct 2015 13:33:24 +0000
Subject: [pkg-wpa-devel] Processed: wpa: diff for NMU version 2.3-2.2
References: <20151031133250.GA31587@elende.valinor.li>
 <20150531203858.21369.99771.reportbug@eldamar.local>
Message-ID: <handler.s.B787372.144629837921824.transcript@bugs.debian.org>

Processing control commands:

> tags 787371 + patch
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Ignoring request to alter tags of bug #787371 to the same tags previously set
> tags 787371 + pending
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Ignoring request to alter tags of bug #787371 to the same tags previously set
> tags 787372 + patch
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Ignoring request to alter tags of bug #787372 to the same tags previously set
> tags 787372 + pending
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Ignoring request to alter tags of bug #787372 to the same tags previously set
> tags 787373 + patch
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Ignoring request to alter tags of bug #787373 to the same tags previously set
> tags 787373 + pending
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Ignoring request to alter tags of bug #787373 to the same tags previously set
> tags 795740 + pending
Bug #795740 [src:wpa] wpa: Incomplete WPS and P2P NFC NDEF record payload length validation
Ignoring request to alter tags of bug #795740 to the same tags previously set

-- 
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
787372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372
787373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373
795740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From owner at bugs.debian.org  Sat Oct 31 13:33:27 2015
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 31 Oct 2015 13:33:27 +0000
Subject: [pkg-wpa-devel] Processed: wpa: diff for NMU version 2.3-2.2
References: <20151031133250.GA31587@elende.valinor.li>
 <20150531204050.21863.65687.reportbug@eldamar.local>
Message-ID: <handler.s.B787373.144629837921815.transcript@bugs.debian.org>

Processing control commands:

> tags 787371 + patch
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Ignoring request to alter tags of bug #787371 to the same tags previously set
> tags 787371 + pending
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Ignoring request to alter tags of bug #787371 to the same tags previously set
> tags 787372 + patch
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Ignoring request to alter tags of bug #787372 to the same tags previously set
> tags 787372 + pending
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Ignoring request to alter tags of bug #787372 to the same tags previously set
> tags 787373 + patch
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Ignoring request to alter tags of bug #787373 to the same tags previously set
> tags 787373 + pending
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Ignoring request to alter tags of bug #787373 to the same tags previously set
> tags 795740 + pending
Bug #795740 [src:wpa] wpa: Incomplete WPS and P2P NFC NDEF record payload length validation
Ignoring request to alter tags of bug #795740 to the same tags previously set

-- 
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
787372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372
787373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373
795740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From carnil at debian.org  Sat Oct 31 13:32:50 2015
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Sat, 31 Oct 2015 14:32:50 +0100
Subject: [pkg-wpa-devel] Bug#787372: wpa: diff for NMU version 2.3-2.2
Message-ID: <20151031133250.GA31587@elende.valinor.li>

Control: tags 787371 + patch
Control: tags 787371 + pending
Control: tags 787372 + patch
Control: tags 787372 + pending
Control: tags 787373 + patch
Control: tags 787373 + pending
Control: tags 795740 + pending

Dear maintainer,

I've prepared an NMU for wpa (versioned as 2.3-2.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpa-2.3-2.2-nmu.diff
Type: text/x-diff
Size: 21450 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20151031/ea59480a/attachment-0003.diff>

From owner at bugs.debian.org  Sat Oct 31 13:33:29 2015
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 31 Oct 2015 13:33:29 +0000
Subject: [pkg-wpa-devel] Processed: wpa: diff for NMU version 2.3-2.2
References: <20151031133250.GA31587@elende.valinor.li>
 <20150816144044.25708.86801.reportbug@eldamar.local>
Message-ID: <handler.s.B795740.144629837921806.transcript@bugs.debian.org>

Processing control commands:

> tags 787371 + patch
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Ignoring request to alter tags of bug #787371 to the same tags previously set
> tags 787371 + pending
Bug #787371 [src:wpa] wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Ignoring request to alter tags of bug #787371 to the same tags previously set
> tags 787372 + patch
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Ignoring request to alter tags of bug #787372 to the same tags previously set
> tags 787372 + pending
Bug #787372 [src:wpa] wpa: CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding
Ignoring request to alter tags of bug #787372 to the same tags previously set
> tags 787373 + patch
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Ignoring request to alter tags of bug #787373 to the same tags previously set
> tags 787373 + pending
Bug #787373 [src:wpa] wpa: CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing
Ignoring request to alter tags of bug #787373 to the same tags previously set
> tags 795740 + pending
Bug #795740 [src:wpa] wpa: Incomplete WPS and P2P NFC NDEF record payload length validation
Ignoring request to alter tags of bug #795740 to the same tags previously set

-- 
787371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371
787372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372
787373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373
795740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From carnil at debian.org  Sat Oct 31 13:32:50 2015
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Sat, 31 Oct 2015 14:32:50 +0100
Subject: [pkg-wpa-devel] Bug#787373: wpa: diff for NMU version 2.3-2.2
Message-ID: <20151031133250.GA31587@elende.valinor.li>

Control: tags 787371 + patch
Control: tags 787371 + pending
Control: tags 787372 + patch
Control: tags 787372 + pending
Control: tags 787373 + patch
Control: tags 787373 + pending
Control: tags 795740 + pending

Dear maintainer,

I've prepared an NMU for wpa (versioned as 2.3-2.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpa-2.3-2.2-nmu.diff
Type: text/x-diff
Size: 21450 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20151031/ea59480a/attachment-0005.diff>

From carnil at debian.org  Sat Oct 31 13:32:50 2015
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Sat, 31 Oct 2015 14:32:50 +0100
Subject: [pkg-wpa-devel] Bug#795740: wpa: diff for NMU version 2.3-2.2
Message-ID: <20151031133250.GA31587@elende.valinor.li>

Control: tags 787371 + patch
Control: tags 787371 + pending
Control: tags 787372 + patch
Control: tags 787372 + pending
Control: tags 787373 + patch
Control: tags 787373 + pending
Control: tags 795740 + pending

Dear maintainer,

I've prepared an NMU for wpa (versioned as 2.3-2.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpa-2.3-2.2-nmu.diff
Type: text/x-diff
Size: 21450 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20151031/ea59480a/attachment-0006.diff>

From ftpmaster at ftp-master.debian.org  Sat Oct 31 13:36:09 2015
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Sat, 31 Oct 2015 13:36:09 +0000
Subject: [pkg-wpa-devel] Processing of wpa_2.3-2.2_sourceonly.changes
Message-ID: <E1ZsWKH-0001me-MN@franck.debian.org>

wpa_2.3-2.2_sourceonly.changes uploaded successfully to localhost
along with the files:
  wpa_2.3-2.2.dsc
  wpa_2.3-2.2.debian.tar.xz

Greetings,

	Your Debian queue daemon (running on host franck.debian.org)