-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 09 Aug 2020 00:22:36 +0530 Source: wpa Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb Architecture: source amd64 Version: 2:2.4-1+deb9u7 Distribution: stretch-security Urgency: high Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org> Changed-By: Utkarsh Gupta <utkarsh@debian.org> Description: hostapd - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb) Changes: wpa (2:2.4-1+deb9u7) stretch-security; urgency=high . * Add patch to fix: - EAP-pwd server: Use os_get_random() for unpredictable token. (Fixes: CVE-2019-10064) - CVE-2020-12695: - WPS UPnP: Do not allow event subscriptions with URLs to other networks. - For the other issues: - WPS UPnP: Fix event message generation using a long URL path. - WPS UPnP: Handle HTTP initiation failures for events more properly. Checksums-Sha1: 619cca40ff7d20d1d3a194b3164c32405d1f9f76 2563 wpa_2.4-1+deb9u7.dsc be9f0c01074cebe981a168eb747eab252eeff5f6 1834600 wpa_2.4.orig.tar.xz 6ebcab60d23194c3bd2ea525604a6476f1ff997f 103652 wpa_2.4-1+deb9u7.debian.tar.xz 2a7b2ca92f237301ccaaa69c63da2131ccfa8433 1916670 hostapd-dbgsym_2.4-1+deb9u7_amd64.deb 4ffe42135437fa4065207e079f9558c0e1aa4544 563622 hostapd_2.4-1+deb9u7_amd64.deb e0d89ca6075b44e281edafd1068b941e16de8f67 12003 wpa_2.4-1+deb9u7_amd64.buildinfo 45c427c81cad5d16683b58c6d7815d2392f814f5 1674138 wpagui-dbgsym_2.4-1+deb9u7_amd64.deb eab579bb2afa7fb3c175056b92bd71b4edda052a 344550 wpagui_2.4-1+deb9u7_amd64.deb 83dfef1d2b07722a6e92678ce0b8f7c4665d6335 3276462 wpasupplicant-dbgsym_2.4-1+deb9u7_amd64.deb 74fc82dc074e04bdb4a12d7710495800f7ea7918 242868 wpasupplicant-udeb_2.4-1+deb9u7_amd64.udeb 82c49030c23cc22d4145e29c14a495711d1dedd0 974290 wpasupplicant_2.4-1+deb9u7_amd64.deb Checksums-Sha256: 245ac7797b35c8d4f802342f558af0e6a6d8de6405393984a99445de3812f49a 2563 wpa_2.4-1+deb9u7.dsc a1e4eda50796b2234a6cd2f00748bbe09f38f3f621919187289162faeb50b6b8 1834600 wpa_2.4.orig.tar.xz aebf9c9bc5e8b6e44cc2241958158434fc4f5b4973107862f9fc6a7d98d7488d 103652 wpa_2.4-1+deb9u7.debian.tar.xz 2bba0f0026a93fd4c9248246fa36b6ad736a4ff9d67a229d22232e708e5f2e45 1916670 hostapd-dbgsym_2.4-1+deb9u7_amd64.deb a1bbce25bf05dfcd880ed3e1d74c5efbfae7ecd826ccd1dfaba88aaee6ca364b 563622 hostapd_2.4-1+deb9u7_amd64.deb f4dfa5cc8df3bdf48786bc05434260e422c22e11eeb3de3fff184562a2ddf69a 12003 wpa_2.4-1+deb9u7_amd64.buildinfo e66027411a9564c17a3dda59b80fddcdb544b43bba8d1159197d87b834452358 1674138 wpagui-dbgsym_2.4-1+deb9u7_amd64.deb 12eb42b0c9ad7fef4af4054843d78d2a2b7ce46580c822eeb70ff888d305f8ea 344550 wpagui_2.4-1+deb9u7_amd64.deb 1ae2fce4f22dad5916dacf8caa670f2e60e5eff43802be429973b81c70c0ee5d 3276462 wpasupplicant-dbgsym_2.4-1+deb9u7_amd64.deb 729a415170245db1fe743f14aef93eec47f3e781e2e779ed83b4e1994aa1ad9d 242868 wpasupplicant-udeb_2.4-1+deb9u7_amd64.udeb 9cadaa576c20af4dfeba2ccc9d4ee05469138463eab98ad9dc3d4988caa4b372 974290 wpasupplicant_2.4-1+deb9u7_amd64.deb Files: b59529a5a6679a4dc79574fb5d6eed87 2563 net optional wpa_2.4-1+deb9u7.dsc 6a77b9fe6838b4fca9b92cb22e14de1d 1834600 net optional wpa_2.4.orig.tar.xz eca20b0ee4293384d8ae5e6a6e8dce2a 103652 net optional wpa_2.4-1+deb9u7.debian.tar.xz e9b9d1c36632f8861c499eb9e10692ec 1916670 debug extra hostapd-dbgsym_2.4-1+deb9u7_amd64.deb d9f9544264c10619312bcb3d62921bad 563622 net optional hostapd_2.4-1+deb9u7_amd64.deb ab9b579cbc868345077595411b72a628 12003 net optional wpa_2.4-1+deb9u7_amd64.buildinfo 445816e91f0badbcc8d38a34ccd77374 1674138 debug extra wpagui-dbgsym_2.4-1+deb9u7_amd64.deb adc8b2603f55c9afc7585475355e3fb0 344550 net optional wpagui_2.4-1+deb9u7_amd64.deb d40e041d1cae75a6cbdfda3c51b18d14 3276462 debug extra wpasupplicant-dbgsym_2.4-1+deb9u7_amd64.deb cd80c2af8093d74493f63b0c2cd3400b 242868 debian-installer standard wpasupplicant-udeb_2.4-1+deb9u7_amd64.udeb bc08bc288aaa5eab80a18d0cdf1b4387 974290 net optional wpasupplicant_2.4-1+deb9u7_amd64.deb -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl8u+1sTHHV0a2Fyc2hA ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlhrwEACNVxQrDJP8dINGId1KAVqWP6OU+IJ0 OYe5WTsdJ4gvFZ/HJtHT8JhqQLtW7LVCdal5hYOQhROwvwbwX7fXItBIC8GYufqI js3538XQxok+96VduyQAG04+xFL6fAEpmfmpylGpEOIcXJrDLmuxx7Dp+v7BI8QW BBh2xKOOtFMq3f06NmIVKLjA723xYa6GqHUYWDeFvEQVuBmflZmugFUsU+qtfXO7 q+LhXcnBRVntIcg6rvPQnOfuzOrK/QVMasoXwnPe3VpaLLabJPnu6/ZuNYLHe0QO BEqibVTgfUnh/Qcs7M5+INokwuLvB9KaGf6sfRXwsabz08j74drM7MBKn6iDNvlJ ZHP1AMJTLBWg4TUHoxMMXZY6vJdpjbujtJTlhAZs0I19RMHiYIMxhrdXoPKBw9Zg 0A197LteTnHHob0U8wOdZMyEK3XtjOMMdiCVoHaaSy7gx4gjLZtodpLx2xhCrFh/ 6SUp4N7pMxqcNiDxVBf15ErRcIZY+1v7qQkJzqKe539RnKECcsQZVpbn3vwB/R0P GQszpPp3+G41j1RhrbmZbNq6zzEXx7ZMzF11IAKwh/g2FLAxbadFKf9PtO20E1h6 T9CR7OEAefPJO6dsV7bPSFdL5QFUTrQnWXeTittl+YUL0r0PTXXLafyQUhjQiGKH InfVbLwzvwSNWA== =5q6E -----END PGP SIGNATURE-----