[pkg-wpa-devel] Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation

Salvatore Bonaccorso carnil at debian.org
Tue Oct 27 20:54:30 UTC 2015


Hi Julian,

On Mon, Oct 26, 2015 at 02:30:39PM +0100, Julian Wollrath wrote:
> Hi Salvatore,
> 
> On Sun, 25 Oct 2015 16:14:56 +0100,
> Salvatore Bonaccorso <carnil at debian.org> wrote:
> 
> > Hi Julian,
> > 
> > On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> > > +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> > > +
> > > +  * Add fixes for http://w1.fi/security/2015-5/
> > > +  * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143,
> > > CVE-2015-4144,
> > > +    CVE-2015-4145, CVE-2015-4146 (Closes: #787371).  
> > 
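Review bot: the only `Closes:` in this entry is `(Closes: #787371)` at the end of the second bullet, so the first bullet for http://w1.fi/security/2015-5/ closes no bug and six CVE IDs are tied to a single report. If any of these fixes are tracked in separate bug reports, add a `Closes:` for each one to the bullet that fixes it, so the BTS records the fixed version per bug.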
> > Only looked from a changelog point of view: Please close as well the
> > other related bugs in the changelog entries:
> > 
> > fixes for http://w1.fi/security/2015-5/ -> #795740
> > CVE-2015-4141 -> #787372
> > CVE-2015-4142 -> #787373
> > CVE-2015-4143 -> #787371
> > CVE-2015-4144 -> #787371
> > CVE-2015-4145 -> #787371
> > CVE-2015-4146 -> #787371
> > 
> > (you can find the information via the security-tracker, i.e.
> > https://security-tracker.debian.org/wpa)
> > 
> > The reason I filed different bug reports is that different version
> > ranges are affected, so that we have proper version tracking as well
> > for the BTS.
> ok. I can change that. Not sure though, if I have time for it today.
> 
> > 
> > Thanks for having worked on that update and attached your patchset.
> > Have you worked as well on wheezy?
> No I have not and I am unsure, if I have time to look at it before the
> weekend.

I will tentatively look into it soon in the next few days as well.

Regards,
Salvatore
