[pkg-wpa-devel] Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Julian Wollrath
jwollrath at web.de
Mon Oct 26 13:30:39 UTC 2015
Hi Salvatore,
Am Sun, 25 Oct 2015 16:14:56 +0100
schrieb Salvatore Bonaccorso <carnil at debian.org>:
> Hi Julian,
>
> On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> > +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> > +
> > + * Add fixes for http://w1.fi/security/2015-5/
> > + * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143,
> > CVE-2015-4144,
> > + CVE-2015-4145, CVE-2015-4146 (Closes: #787371).
>
> Only looked from a changelog point of view: Please close as well the
> other releated bugs in the changelog entries:
>
> fixes for http://w1.fi/security/2015-5/ -> #795740
> CVE-2015-4141 -> #787372
> CVE-2015-4142 -> #787373
> CVE-2015-4143 -> #787371
> CVE-2015-4144 -> #787371
> CVE-2015-4145 -> #787371
> CVE-2015-4146 -> #787371
>
> (you can find the information via the security-tracker, i.e.
> https://security-tracker.debian.org/wpa)
>
> The reason i filled different bug reports is that different version
> ranges are affected, so that we have proper version tracking as well
> for the BTS.
ok. I can change that. Not sure though, if I have time for it today.
>
> Thanks for having worked on that update and attached your patchset.
> Hav you worked as well on wheezy?
No I have not and I am unsure, if I have time do look at it before the
weekend.
Cheers,
Julian
More information about the Pkg-wpa-devel
mailing list