[pkg-wpa-devel] Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Salvatore Bonaccorso
carnil at debian.org
Sun Oct 25 15:14:56 UTC 2015
Hi Julian,
On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> +
> + * Add fixes for http://w1.fi/security/2015-5/
> + * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144,
> + CVE-2015-4145, CVE-2015-4146 (Closes: #787371).
Only looked from a changelog point of view: Please close as well the
other releated bugs in the changelog entries:
fixes for http://w1.fi/security/2015-5/ -> #795740
CVE-2015-4141 -> #787372
CVE-2015-4142 -> #787373
CVE-2015-4143 -> #787371
CVE-2015-4144 -> #787371
CVE-2015-4145 -> #787371
CVE-2015-4146 -> #787371
(you can find the information via the security-tracker, i.e.
https://security-tracker.debian.org/wpa)
The reason i filled different bug reports is that different version
ranges are affected, so that we have proper version tracking as well
for the BTS.
Thanks for having worked on that update and attached your patchset.
Hav you worked as well on wheezy?
Regards,
Salvatore
More information about the Pkg-wpa-devel
mailing list