-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: wpa Binary: hostapd, wpagui, wpasupplicant, wpasupplicant-udeb Architecture: linux-any kfreebsd-any Version: 2.3-1+deb8u3 Maintainer: Debian wpasupplicant Maintainers <[email protected]> Uploaders: Kel Modderman <[email protected]>, Stefan Lippers-Hollmann <[email protected]>, Jan Dittberner <[email protected]> Homepage: http://w1.fi/wpa_supplicant/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/ Vcs-Svn: svn://anonscm.debian.org/pkg-wpa/wpa/trunk/ Build-Depends: debhelper (>> 9.20120115), libdbus-1-dev, libssl-dev, libqt4-dev, libncurses5-dev, libpcsclite-dev, libnl-3-dev [linux-any], libnl-genl-3-dev [linux-any], libnl-route-3-dev [linux-any], libpcap-dev [kfreebsd-any], libbsd-dev [kfreebsd-any], libreadline-dev, pkg-config, qt4-qmake, docbook-to-man, docbook-utils Package-List: hostapd deb net optional arch=linux-any,kfreebsd-any wpagui deb net optional arch=linux-any,kfreebsd-any wpasupplicant deb net optional arch=linux-any,kfreebsd-any wpasupplicant-udeb udeb debian-installer standard arch=linux-any Checksums-Sha1: 7737a4306195ffaba8bb6777e2ede5a4a25e3ca0 1735544 wpa_2.3.orig.tar.xz 1e6f015994567296365726b2c3908f43368151e4 80588 wpa_2.3-1+deb8u3.debian.tar.xz Checksums-Sha256: 3d96034fa9e042c8aacb0812d8b2ab3d4c9aa6fc410802b4ee0da311e51c3eb3 1735544 wpa_2.3.orig.tar.xz 4420de243cef28913a0ae823c26941ac0343ad935ed8ff0573936d6735b16e6a 80588 wpa_2.3-1+deb8u3.debian.tar.xz Files: d6dc9fa32a406506717ee6a4d076cd6d 1735544 wpa_2.3.orig.tar.xz c72c109f7b6bd45da4f666992efda52f 80588 wpa_2.3-1+deb8u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWPhYLAAoJEAVMuPMTQ89E0JMP/1LktGNtdZPaUYxVX2kRFh/d 5wpaQCi0IsszM+COKeMTnN5XK8Y9U6H0ItyEYNrbwk+34t7Snx0cv8tpgCTIL70Z Eq2KDCT5ch7Dd6eK/4376VqUmFnOstPXn0VIVsveEFu5jEwD4CS7+q4SC0WGuTOt ws2OulF0nnHgMTHgLLj2wYSR/xWEO+ooNJJVlUByXaw3YUG9ooe9TzUBX2RcfLKL r18oqUpdtPDql8k0kMf6l47rCRzepJhtQkdXKVTgxiFTQIAsIisMkTJgYWlauPRM XvpZ8pTX7R8h95OonZpn85J6rhzbZMIUCIcQQTeI4tZeaXFK8DLTMXHiYnbEMC9F uxny5l3KzUC/HYCHewrReir8/aPeGvabD2HWzdnqB5Ffb6OYucV2zEEZ1C8VRtzf J04nQYNuzcpkEMijQxdDf7HHIs45JsewH58IVUbqfMmYJg5BQ2zEQDCFDYLUa6Vi AqeKHZP8a0JnDD7DjgLAxfD8XehqzYKW3I6u+1SCV2BGFP7CfCK1nbYku5qAdMbr b9HqjY0CKbB5ZdhprkrOart4QA5nUQJsZeT1t1NVbwqp96BYA6FoG17k0GEkP+G5 3VG4fTazW7CjCVAfVBQmmLmGbk9VP1+dZAHeew17grYdF92nZl5B0QjnsGpRNxvH 6xYJpEjlRIVaGeArp8R0 =tlhp -----END PGP SIGNATURE----- Changes: wpa (2.3-1+deb8u3) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-5314.patch patch. CVE-2015-5314: hostapd: EAP-pwd missing last fragment length validation. * Add CVE-2015-5315.patch patch. CVE-2015-5315: wpa_supplicant: EAP-pwd missing last fragment length validation. * Add CVE-2015-5316.patch patch. CVE-2015-5316: EAP-pwd peer error path failure on unexpected Confirm message. -- Salvatore Bonaccorso <[email protected]> Sat, 07 Nov 2015 16:05:23 +0100