Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2

To: Andrej Shadura <andrewsh@debian.org>, 905762@bugs.debian.org
Cc: kibi@debian.org
Subject: Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 17 Aug 2018 09:21:00 +0100
Message-id: <[🔎] 1534494060.24088.29.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 905762@bugs.debian.org
In-reply-to: <[🔎] 153379988259.5741.6484944081901044882.reportbug@nuevo>
References: <[🔎] 153379988259.5741.6484944081901044882.reportbug@nuevo> <[🔎] 153379988259.5741.6484944081901044882.reportbug@nuevo>

Control: tags -1 + moreinfo d-i

On Thu, 2018-08-09 at 09:31 +0200, Andrej Shadura wrote:
> I would like to fix CVE-2018-14526 (#905739) in stable:
> 
> CVE-2018-14526[0]:
> > An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
> > through 2.6. Under certain conditions, the integrity of EAPOL-Key
> > messages is not checked, leading to a decryption oracle. An
> > attacker
> > within range of the Access Point and client can abuse the
> > vulnerability to recover sensitive information.
> 
> This is a low priority security issue, and doesn't require a DSA.
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2018-14526

As wpa builds a udeb, this will need a KiBi-ack; CCing and tagging
accordingly.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2
  - From: Cyril Brulebois <kibi@debian.org>

References:
- Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2
  - From: Andrej Shadura <andrewsh@debian.org>

Prev by Date: Processed: Re: Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2
Next by Date: Re: Re: Transition sane-backends
Previous by thread: Processed: Re: Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2
Next by thread: Bug#905762: stretch-pu: package wpa/2:2.4-1+deb9u2
Index(es):
- Date
- Thread