Debian Package Tracker

From: Yves-Alexis Perez <corsac@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted wpa 2:2.4-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Thu, 19 Oct 2017 17:32:51 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Oct 2017 14:18:32 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2:2.4-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description:
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (2:2.4-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-13078,
     CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
     CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
     - hostapd: Avoid key reinstallation in FT handshake
     - Prevent reinstallation of an already in-use group key
     - Extend protection of GTK/IGTK reinstallation of
     - Fix TK configuration to the driver in EAPOL-Key 3/4
     - Prevent installation of an all-zero TK
     - Fix PTK rekeying to generate a new ANonce
     - TDLS: Reject TPK-TK reconfiguration
     - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode
     - WNM: Ignore WNM-Sleep Mode Response without pending
     - FT: Do not allow multiple Reassociation Response frames
     - TDLS: Ignore incoming TDLS Setup Response retries
Checksums-Sha1:
 f3af36a0fff7f148d06d3b9c8ce51b9b7e1e33b7 2186 wpa_2.4-1+deb9u1.dsc
 be9f0c01074cebe981a168eb747eab252eeff5f6 1834600 wpa_2.4.orig.tar.xz
 940182e4cfe5282665ea1c97f9eb0f31565847f0 95876 wpa_2.4-1+deb9u1.debian.tar.xz
Checksums-Sha256:
 9281f757f1af46789339bedcf520756af765f304f125033a93a39b4a7afeb30b 2186 wpa_2.4-1+deb9u1.dsc
 a1e4eda50796b2234a6cd2f00748bbe09f38f3f621919187289162faeb50b6b8 1834600 wpa_2.4.orig.tar.xz
 2d847cc3047deb7d36e3442b6337e2095f9269125dc41c3518ccbe9c8af4adc9 95876 wpa_2.4-1+deb9u1.debian.tar.xz
Files:
 9cdd1d1201390403227f78e1af183102 2186 net optional wpa_2.4-1+deb9u1.dsc
 6a77b9fe6838b4fca9b92cb22e14de1d 1834600 net optional wpa_2.4.orig.tar.xz
 0d05bd80c3548ff052dae9e864046332 95876 net optional wpa_2.4-1+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEl0WwInMjgf6efq/1bdtT8qZ1wKUFAlniGjMACgkQbdtT8qZ1
wKVnTAf+Nlai6HcoCU0A9WospMhzm+446uMVcXoe6GaMhrSJYu0SqA2o65Xvqplo
j3ReePWPdM+vICunArDlG38QnrnisXSR0b/1pD69YQU0I0cgOHnhxbn6/J4DNj7T
szlALIaeZp54NwYAsxiQ1c6GaxS4YhXOIOma7S3cuSCQ5JgGDYKHuwUck9QWcDUr
rIwKke2V3ZlqqMYAWJiPgA2IpKQ9vLwBR2GjxTbuntBZ2RRe08ft8KGO98ooIxBR
2fbSQ6OqJcYKcBMskWi6yhPRmP4sioasNagMPX9JxM9+xPjS1fIWQ/ZMtG/bBTaA
+WGKh/zHqVMf8LvLCFtD1K6E8754PQ==
=+YKc
-----END PGP SIGNATURE-----
News for package wpa
