News for package wpa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: wpa
Binary: hostapd, wpagui, wpasupplicant, wpasupplicant-udeb
Architecture: linux-any kfreebsd-any
Version: 2.3-1+deb8u3
Maintainer: Debian wpasupplicant Maintainers <[email protected]>
Uploaders: Kel Modderman <[email protected]>, Stefan Lippers-Hollmann <[email protected]>, Jan Dittberner <[email protected]>
Homepage: http://w1.fi/wpa_supplicant/
Standards-Version: 3.9.6
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/
Vcs-Svn: svn://anonscm.debian.org/pkg-wpa/wpa/trunk/
Build-Depends: debhelper (>> 9.20120115), libdbus-1-dev, libssl-dev, libqt4-dev, libncurses5-dev, libpcsclite-dev, libnl-3-dev [linux-any], libnl-genl-3-dev [linux-any], libnl-route-3-dev [linux-any], libpcap-dev [kfreebsd-any], libbsd-dev [kfreebsd-any], libreadline-dev, pkg-config, qt4-qmake, docbook-to-man, docbook-utils
Package-List:
 hostapd deb net optional arch=linux-any,kfreebsd-any
 wpagui deb net optional arch=linux-any,kfreebsd-any
 wpasupplicant deb net optional arch=linux-any,kfreebsd-any
 wpasupplicant-udeb udeb debian-installer standard arch=linux-any
Checksums-Sha1:
 7737a4306195ffaba8bb6777e2ede5a4a25e3ca0 1735544 wpa_2.3.orig.tar.xz
 1e6f015994567296365726b2c3908f43368151e4 80588 wpa_2.3-1+deb8u3.debian.tar.xz
Checksums-Sha256:
 3d96034fa9e042c8aacb0812d8b2ab3d4c9aa6fc410802b4ee0da311e51c3eb3 1735544 wpa_2.3.orig.tar.xz
 4420de243cef28913a0ae823c26941ac0343ad935ed8ff0573936d6735b16e6a 80588 wpa_2.3-1+deb8u3.debian.tar.xz
Files:
 d6dc9fa32a406506717ee6a4d076cd6d 1735544 wpa_2.3.orig.tar.xz
 c72c109f7b6bd45da4f666992efda52f 80588 wpa_2.3-1+deb8u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWPhYLAAoJEAVMuPMTQ89E0JMP/1LktGNtdZPaUYxVX2kRFh/d
5wpaQCi0IsszM+COKeMTnN5XK8Y9U6H0ItyEYNrbwk+34t7Snx0cv8tpgCTIL70Z
Eq2KDCT5ch7Dd6eK/4376VqUmFnOstPXn0VIVsveEFu5jEwD4CS7+q4SC0WGuTOt
ws2OulF0nnHgMTHgLLj2wYSR/xWEO+ooNJJVlUByXaw3YUG9ooe9TzUBX2RcfLKL
r18oqUpdtPDql8k0kMf6l47rCRzepJhtQkdXKVTgxiFTQIAsIisMkTJgYWlauPRM
XvpZ8pTX7R8h95OonZpn85J6rhzbZMIUCIcQQTeI4tZeaXFK8DLTMXHiYnbEMC9F
uxny5l3KzUC/HYCHewrReir8/aPeGvabD2HWzdnqB5Ffb6OYucV2zEEZ1C8VRtzf
J04nQYNuzcpkEMijQxdDf7HHIs45JsewH58IVUbqfMmYJg5BQ2zEQDCFDYLUa6Vi
AqeKHZP8a0JnDD7DjgLAxfD8XehqzYKW3I6u+1SCV2BGFP7CfCK1nbYku5qAdMbr
b9HqjY0CKbB5ZdhprkrOart4QA5nUQJsZeT1t1NVbwqp96BYA6FoG17k0GEkP+G5
3VG4fTazW7CjCVAfVBQmmLmGbk9VP1+dZAHeew17grYdF92nZl5B0QjnsGpRNxvH
6xYJpEjlRIVaGeArp8R0
=tlhp
-----END PGP SIGNATURE-----

Changes:
wpa (2.3-1+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add CVE-2015-5314.patch patch.
    CVE-2015-5314: hostapd: EAP-pwd missing last fragment length validation.
  * Add CVE-2015-5315.patch patch.
    CVE-2015-5315: wpa_supplicant: EAP-pwd missing last fragment length
    validation.
  * Add CVE-2015-5316.patch patch.
    CVE-2015-5316: EAP-pwd peer error path failure on unexpected Confirm
    message.

 -- Salvatore Bonaccorso <[email protected]>  Sat, 07 Nov 2015 16:05:23 +0100