[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#765631: unblock/ age to 5 days: wpa/2.3-1 (CVE-2014-3686, DSA-3052-1)

Hallo Stefan!

Stefan Lippers-Hollmann <s.L-H@gmx.de> (2014-10-16):
> Please unblock the udeb producing package wpa and reduce its
> propagation time to 5 days. wpa 2.3-1 has been successfully built and
> uploaded on all release architectures.

Looking at its changelog and the current d-i schedule (or slight lack
thereof), no objection from debian-boot@.

> For debian-boot/ the upcoming stable point release (wheezy 7.7):
> wpasupplicant-udeb, as used by d-i, does not contain the exploitable
> binary (wpa_cli), which is only part of the full wpasupplicant/ hostapd
> packages (these are already fixed via debian-security). Accordingly 
> d-i's usage of wpa_supplicant is not suspectible to this security 
> issue.

Thanks for the heads-up, appreciated.

> This is a new upstream version of wpa containing further changes and
> features of wpa's stable integration branch[1], rather than a 
> targetted fix.
> unblock wpa/2.3-1

FWIW that'd rather be:
  age-days 5 wpa/2.3-1


Attachment: signature.asc
Description: Digital signature

Reply to: