
Bug#765631: marked as done (unblock/ age to 5 days: wpa/2.3-1 (CVE-2014-3686, DSA-3052-1))



Your message dated Thu, 16 Oct 2014 20:50:02 +0200
with message-id <20141016185002.GN3591@betterave.cristau.org>
and subject line Re: Bug#765631: unblock/ age to 5 days: wpa/2.3-1 (CVE-2014-3686, DSA-3052-1)
has caused the Debian Bug report #765631,
regarding unblock/ age to 5 days: wpa/2.3-1 (CVE-2014-3686, DSA-3052-1)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
765631: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765631
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal
X-Debbugs-CC: debian-boot@lists.debian.org

Hi

Please unblock the udeb producing package wpa and reduce its 
propagation time to 5 days. wpa 2.3-1 has been successfully built and
uploaded on all release architectures.

wpa <= 2.3-1 is vulnerable to a remotely exploitable security 
bug, which might allow attackers to inject an unsanitized string 
received from a remote device (potentially any device in radio 
range) to a privileged (typically root or netdev) system() call via 
wpa_cli/ hostapd_cli action scripts.

CVE-2014-3686	https://security-tracker.debian.org/tracker/CVE-2014-3686
DSA-3052-1	https://www.debian.org/security/2014/dsa-3052
#765352		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765352


For debian-boot/ the upcoming stable point release (wheezy 7.7):
wpasupplicant-udeb, as used by d-i, does not contain the exploitable
binary (wpa_cli), which is only part of the full wpasupplicant/ hostapd
packages (these are already fixed via debian-security). Accordingly 
d-i's usage of wpa_supplicant is not susceptible to this security 
issue.


This is a new upstream version of wpa containing further changes and
features of wpa's stable integration branch[1], rather than a 
targeted fix.

unblock wpa/2.3-1

Regards
	Stefan Lippers-Hollmann

[1]	wpa 2.x is a continuous integration branch for bugfixes and new 
	features, rather than a dedicated bugfix branch in the sense of 
	PostgreSQL or the linux kernel.

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---
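
The bug class described in the message above (event text from a remote device reaching system() through an action script), shown beside a shell-free alternative. This is an added example, not part of the original thread and not wpa_cli/hostapd_cli source; the function names, the stand-in action script and the sample event strings are constructed for illustration.

```c
/* Added illustration; not wpa_cli/hostapd_cli source. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in action script (assumption): succeeds only with exactly 2 args. */
#define SCRIPT_BODY "[ \"$#\" -eq 2 ]"

static int exit_code(int status)
{
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Vulnerable pattern: the event text is pasted into a shell command line,
 * so the shell re-parses whatever the remote device put into it. */
int run_action_system(const char *ifname, const char *event)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof(cmd), "/bin/sh -c '%s' action %s %s",
                     SCRIPT_BODY, ifname, event);
    if (n < 0 || (size_t)n >= sizeof(cmd))
        return -1;
    return exit_code(system(cmd));
}

/* Hardened pattern: fork + execv, no shell parses the untrusted values;
 * ifname and event each arrive as exactly one argv element. */
int run_action_exec(const char *ifname, const char *event)
{
    char *const argv[] = { "/bin/sh", "-c", SCRIPT_BODY, "action",
                           (char *)ifname, (char *)event, NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return exit_code(status);
}

int main(void)
{
    const char *event = "EVENT name=x; exit 42";   /* constructed sample */
    printf("system(): %d\nexecv():  %d\n", run_action_system("wlan0", event),
           run_action_exec("wlan0", event));
    return 0;
}
```

With the constructed event, the system() variant returns the exit status of the text after the semicolon, while the execv() variant hands the whole string to the script as its second argument.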
--- Begin Message ---
On Thu, Oct 16, 2014 at 20:33:53 +0200, Stefan Lippers-Hollmann wrote:

> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> Severity: normal
> X-Debbugs-CC: debian-boot@lists.debian.org
> 
> Hi
> 
> Please unblock the udeb producing package wpa and reduce its 
> propagation time to 5 days. wpa 2.3-1 has been successfully built and
> uploaded on all release architectures.
> 
Aged, thanks for the notice!

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---
