-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 16 Apr 2021 15:07:06 +0200 Source: wpa Architecture: source Version: 2:2.7+git20190128+0c1e29f-6+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 976106 981971 Changes: wpa (2:2.7+git20190128+0c1e29f-6+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * WPS UPnP: Do not allow event subscriptions with URLs to other networks (CVE-2020-12695) (Closes: #976106) * WPS UPnP: Fix event message generation using a long URL path (CVE-2020-12695) (Closes: #976106) * WPS UPnP: Handle HTTP initiation failures for events more properly (CVE-2020-12695) (Closes: #976106) * P2P: Fix copying of secondary device types for P2P group client (CVE-2021-0326) (Closes: #981971) * P2P: Fix a corner case in peer addition based on PD Request (CVE-2021-27803) Checksums-Sha1: 499bf9e46cc2776019cb71c7448c0a189dfc71ae 2716 wpa_2.7+git20190128+0c1e29f-6+deb10u3.dsc 6f0d7a8ef001539a7407d37529c1525b9a9b56b5 111756 wpa_2.7+git20190128+0c1e29f-6+deb10u3.debian.tar.xz Checksums-Sha256: 7011a669781d93abd9f9ee8d27bcd1011c3468e73aa059556a836c05ff793371 2716 wpa_2.7+git20190128+0c1e29f-6+deb10u3.dsc 8ed6c90ec4ecf60f96b8606cc69cf3f17d5f548a56b256e6746df1f9ed342d29 111756 wpa_2.7+git20190128+0c1e29f-6+deb10u3.debian.tar.xz Files: eec6ef7cc457ffbff55cd285a00f6226 2716 net optional wpa_2.7+git20190128+0c1e29f-6+deb10u3.dsc e242439ace3a3c6731a32afd4a590e43 111756 net optional wpa_2.7+git20190128+0c1e29f-6+deb10u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmB5jbBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EaTYP/jpR8LBmhtf7bbhGkFyCn94E2OC3DI8C XzLP+692U1K3fpveHwV2yS+cXBjsQtS5SdBKzwcyIHyrGhWxv+cd+6bIxb5tvDXx unzb3rmBuQsmOjlqlceiUUxpFzITzq/KRq2wzI0HS1XCBjBJl9GIwoMgGRWxqbZC bKO99VyTux5wcPPfLIC6OHuoFBiP9z864txIGcXKdXgcWnY8uhhv6hbNI+jDf74u rTcAASGhPst+AFWokmdhrkApSmN7MB5jeQLXFYW9SdbEr58bQ+4Yf57qMcI/GcJt Baf2A1PXqG7Z0tmiW7p2/wVOQCVNUEyIP1fd7a2dqONrai14dp36DNtMHpFU2g0i Pfj61FOlqCa1ln20b6Cid+T2X6ownd5rPN6aEUBhRjNnoZ4cCHyjG208lXghOCcf zZyQVzBhTxQLli2mA1mEdgwIZp5wugbrFgLszeLFdAwgwzUoX7BI9zJ5UFjHLoJE BOitXlv7YorJmOHGJl+b9X9PqLgBJDJ1NB2C1eUUSLy4S5dumvRkYimoP1+jb9zx AZjK/4k7bALlmMWSuhgzA2Iwh3jUVaERGHvxc8IrEv8Rjakfj1jdSvU7nbL/MprV BpGU74WnEN8bMTHanULVNaJJcp0FjE0KebL2+Ni//KDayjSDjptNpaXFeNfhYGG8 OqadRamYCxWQ =cdV1 -----END PGP SIGNATURE-----