-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 07 Nov 2015 16:05:23 +0100 Source: wpa Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb Architecture: source Version: 2.3-1+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: hostapd - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb) Changes: wpa (2.3-1+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2015-5314.patch patch. CVE-2015-5314: hostapd: EAP-pwd missing last fragment length validation. * Add CVE-2015-5315.patch patch. CVE-2015-5315: wpa_supplicant: EAP-pwd missing last fragment length validation. * Add CVE-2015-5316.patch patch. CVE-2015-5316: EAP-pwd peer error path failure on unexpected Confirm message. Checksums-Sha1: 289633bd418656214b8d3ee815ce360c8a3050f8 2496 wpa_2.3-1+deb8u3.dsc 1e6f015994567296365726b2c3908f43368151e4 80588 wpa_2.3-1+deb8u3.debian.tar.xz Checksums-Sha256: 31ae4c82ba5d0b8bf25597a9ea374a9cef816a6565c33bb69510a4f6909558be 2496 wpa_2.3-1+deb8u3.dsc 4420de243cef28913a0ae823c26941ac0343ad935ed8ff0573936d6735b16e6a 80588 wpa_2.3-1+deb8u3.debian.tar.xz Files: d8adbf4e3e7d0c0f476a76e4295ec8c0 2496 net optional wpa_2.3-1+deb8u3.dsc c72c109f7b6bd45da4f666992efda52f 80588 net optional wpa_2.3-1+deb8u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWPhYSAAoJEAVMuPMTQ89E6sUQAI2miWL1TFkSNYPRDcwTyHL4 ltLvziPHXcP/gkYuiYbP274NmkiHg5tgv4K0nLJX0so352OEG3ChYNo5/aef3FT3 fjFff8w/+/zWQCdFp9Ynm4at2yo69qR+2MuXEy8WjibffuHuvcG1zJzkHmF4DEKf /DQ1LppLFQAyKVBCxETrknJD4Pzz7N2BVTdpbgASB+mdwGJTIOW+D9krQ/MWZ6m5 stmdiEqt8Nig9aKKjWnLC+/t727Ivw8LX+qB5kEA2R85twT72jG401+hx59+v9xj ZHYhXAq/4uIOZom00RrHr8Ezo5YRHfgkXVHJm2Qb7h0Z8hfOaVAoWqcyHvM24IOZ 3Ks2Z4Kd49DKetWUBmWT+nFccyJOn2qWASsCmRyOZ5n4PFJT4cBl4PV7k9nC22G/ yPGQYP22XtsEMv+kJDjmLNeX8yG8DmvQwqTP9zaPxRMTbK8FCocwpBUpv5brRrDx r5usFeNcxkEXJa1Njy1iBlWYPKzSW3VCh+wrDkHHClLCTEAYwW9p9di2xVz3JR4N Jak3CVW+1cY0/pFuQaRwivKvTgsepHuJuV//bMfykHIOUzteEyu5XRPPoh1nblMw E79gk0L+eLIhR7gVTZpEZfkR9urqxvbwDTFjl+jd30dSNxEbeMCfVM5fIh0CLsp4 Vo9Y5bGbd7dQA75MAcQp =5DSQ -----END PGP SIGNATURE-----