Accepted wpa 2.3-1+deb8u8 (source amd64) into oldoldstable
Format: 1.8
Date: Wed, 31 Jul 2019 22:44:37 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source amd64
Version: 2.3-1+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 hostapd - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 927463
Changes:
 wpa (2.3-1+deb8u8) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
 .
   * CVE-2019-9495: only partial mitigation feasible for this wpa version
     + 2019-2/0001-OpenSSL-Use-constant-time-operations-for-private-big.patch
     + FIXME: too invasive to backport (or for someone with more time+expertise):
       [2019-2/0002-Add-helper-functions-for-constant-time-operations.patch]
       [2019-2/0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch]
       [2019-2/0004-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch]
     + For more details, see https://w1.fi/security/2019-2/.
 .
   * Upstream cherry-picks:
     + Pick 2019-4/0001-Add-crypto_ec_point_cmp.patch, required for applying
       2019-4/0012-EAP-pwd-server-Detect-reflection-attacks.patch
       [2019-4/0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch]
 .
   * CVE-2019-9498 (partial):
     + 2019-4/0011-EAP-pwd-server-Verify-received-scalar-and-element.patch
   * CVE-2019-9497:
     + 2019-4/0012-EAP-pwd-server-Detect-reflection-attacks.patch
   * CVE-2019-9499 (partial):
     + 2019-4/0013-EAP-pwd-client-Verify-received-scalar-and-element.patch
   * CVE-2019-9498 + CVE-2019-9499 (FIXME):
     + too invasive to backport (or for someone with more time+expertise):
       [2019-4/0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch]
 .
   * CVE-2019-11555 (Closes: #927463):
     + 2019-5/0001-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
     + 2019-5/0003-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
 .
   * debian/rules: Forcefully enable compilation of the ECC code
     (NEED_ECC=y).