Bug#869639: firmware-brcm80211: BroadPwn vulnerability CVE-2017-8386

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#869639: firmware-brcm80211: BroadPwn vulnerability CVE-2017-8386
From: Mark Robinson <mark@zl2tod.net>
Date: Tue, 25 Jul 2017 20:06:29 +1200
Message-id: <[🔎] 20170725080629.8106.57019.reportbug@kahawai.zl2tod.net>
Reply-to: Mark Robinson <mark@zl2tod.net>, 869639@bugs.debian.org

Package: firmware-brcm80211
Version: 0.43
Severity: critical
Tags: security upstream
Justification: root security hole

Dear Maintainer,

CVE-2017-8386 "BroadPwn" has been around for a while.

It seems Debian ships the relevant firmware in this package.

Could I impose on you to ensure that all is as it should be?

Many thanks.
Mark

https://nvd.nist.gov/vuln/detail/CVE-2017-8386
https://security-tracker.debian.org/tracker/CVE-2017-9417
https://packages.debian.org/search?keywords=firmware-brcm80211
http://boosterok.com/blog/broadpwn/

-- System Information:
Debian Release: 8.9
  APT prefers testing
  APT policy: (1000, 'testing'), (1000, 'stable'), (1000, 'oldstable'), (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Prev by Date: Processed: tagging 869613, tagging 869613
Next by Date: Bug#869639: correct to CVE-2017-9417, and link
Previous by thread: Processed: tagging 869613, tagging 869613
Next by thread: Bug#869639: correct to CVE-2017-9417, and link
Index(es):
- Date
- Thread