[pkg-wpa-devel] Bug#783148: Bug#783148: wpa: CVE-2015-1863: wpa_supplicant P2P SSID processing vulnerability
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 23 17:22:17 UTC 2015
Hi Stefan,
On Thu, Apr 23, 2015 at 07:14:01PM +0200, Stefan Lippers-Hollmann wrote:
> Hi
>
> On 2015-04-23, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > I'm currently preparing the debdiffs for jessie-security and sid
> > uploads.
>
> Thank you for taking care of it, I was about to respond now (and am
> currently testing the patched packages, successfully so far).
Thanks for the quick reply. Are you fine if I skip the delayed queue
for the unstable upload? Or do you want to upload your prepared
package? (Would then do the jessie-security one only).
> Be aware that src:wpa 1.0-3+deb7u1 in wheezy is not affected by this
> bug, as we did (intentionally) disable CONFIG_P2P for those packages.
Yes, noticed thanks! Sourcewise it should be affected but only for
people who would rebuild the packages and enable CONFIG_P2P. Will
update https://security-tracker.debian.org/tracker/CVE-2015-1863
Regards,
Salvatore
More information about the Pkg-wpa-devel
mailing list