Change logs for wpa source package in Trusty

  • wpa (2.1-0ubuntu1.7) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Multiple security issues
        - debian/patches/VU-871675/*.patch: backported upstream patches.
        - CVE-2019-9495
        - CVE-2019-9497
        - CVE-2019-9498
        - CVE-2019-9499
      * SECURITY UPDATE: insecure os_random() fallback
        - debian/patches/CVE-2016-10743.patch: Use only os_get_random() for PIN
          generation.
        - CVE-2016-10743
    
     -- Marc Deslauriers <email address hidden>  Tue, 09 Apr 2019 08:28:53 -0400
  • wpa (2.1-0ubuntu1.6) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Expose sensitive information
        - debian/patches/CVE-2018-14526.patch: fix in src/rsn_supp/wpa.c.
        - CVE-2018-14526
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 09 Aug 2018 14:17:41 -0300
  • wpa (2.1-0ubuntu1.5) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Multiple issues in WPA protocol
        - debian/patches/2017-1/*.patch: Add patches from Debian jessie
        - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
          CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
          CVE-2017-13088
      * SECURITY UPDATE: Denial of service issues
        - debian/patches/2016-1/*.patch: Add patches from Debian jessie
        - CVE-2016-4476
        - CVE-2016-4477
    
     -- Marc Deslauriers <email address hidden>  Mon, 16 Oct 2017 08:20:18 -0400
  • wpa (2.1-0ubuntu1.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
        - debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
          Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
        - CVE-2015-5310
      * SECURITY UPDATE: EAP-pwd missing last fragment length validation
        - debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
          validation in src/eap_peer/eap_pwd.c.
        - debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
          validation in src/eap_server/eap_server_pwd.c.
        - CVE-2015-5315
    
     -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 07:23:28 -0600
  • wpa (2.1-0ubuntu1.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via WPS UPnP
        - debian/patches/CVE-2015-4141.patch: check chunk size in
          src/wps/httpread.c.
        - CVE-2015-4141
      * SECURITY UPDATE: denial of service via AP mode WMM Action frame
        - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
        - CVE-2015-4142
      * SECURITY UPDATE: denial of service via EAP-pwd
        - debian/patches/CVE-2015-4143-4146.patch: check lengths in
          src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
        - CVE-2015-4143
        - CVE-2015-4144
        - CVE-2015-4145
        - CVE-2015-4146
    
     -- Marc Deslauriers <email address hidden>  Mon, 15 Jun 2015 10:34:37 -0400
  • wpa (2.1-0ubuntu1.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: memcpy overflow in P2P functionality
        - debian/patches/CVE-2015-1863.patch: validate SID element length in
          src/p2p/p2p.c.
        - CVE-2015-1863
    
     -- Marc Deslauriers <email address hidden>  Mon, 20 Apr 2015 13:45:07 -0400
  • wpa (2.1-0ubuntu1.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: arbitrary command execution via unsanitized string
        passed to action scripts by wpa_cli and hostapd_cli
        - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
          src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
          use instead of system() in wpa_supplicant/wpa_cli.c,
          hostapd/hostapd_cli.c.
        - CVE-2014-3686
    
     -- Marc Deslauriers <email address hidden>  Fri, 10 Oct 2014 09:21:44 -0400
  • wpa (2.1-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (LP: #1099755)
      * debian/get-orig-source: update for new git repository for the current
        hostap/wpasupplicant versions.
      * Dropped patches due to being applied upstream and included in the current
        source tarball:
        - debian/patches/11_wpa_gui_ftbfs_gcc_4_7.patch
        - debian/patches/13_human_readable_signal.patch
        - debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch
        - debian/patches/libnl3-includes.patch
      * debian/patches/git_accept_client_cert_from_server.patch: revert the commit:
        "OpenSSL: Do not accept SSL Client certificate for server", which breaks
        many AAA servers that include both client and server EKUs. Cherry-picked
        from hostap git commit b62d5b5.
    
     -- Mathieu Trudel-Lapierre <email address hidden>  Tue, 04 Mar 2014 16:13:24 -0500
  • wpa (1.0-3ubuntu4) trusty; urgency=low
    
      * debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch:
        deinitialize the P2P context when the management interface gets removed for
        whatever reason, such as a suspend/resume cycle. (LP: #1210785)
    
     -- Mathieu Trudel-Lapierre <email address hidden>  Mon, 18 Nov 2013 20:31:00 -0500
  • wpa (1.0-3ubuntu3) trusty; urgency=low
    
      * debian/config/wpasupplicant/linux: enable EAP-FAST (LP: #34982)
    
     -- Mathieu Trudel-Lapierre <email address hidden>  Wed, 30 Oct 2013 09:25:39 -0700
  • wpa (1.0-3ubuntu2) saucy; urgency=low
    
      * debian/config/wpasupplicant/linux:
        - Enable CONFIG_AP_MODE (AP mode support) (LP: #1209511).
        - Enable CONFIG_P2P (Wi-Fi Direct support).
    
     -- Mathieu Trudel-Lapierre <email address hidden>  Thu, 08 Aug 2013 10:20:17 -0400