wpa (2.1-0ubuntu4.2) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service via WPS UPnP
    - debian/patches/CVE-2015-4141.patch: check chunk size in
      src/wps/httpread.c.
    - CVE-2015-4141
  * SECURITY UPDATE: denial of service via AP mode WMM Action frame
    - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
    - CVE-2015-4142
  * SECURITY UPDATE: denial of service via EAP-pwd
    - debian/patches/CVE-2015-4143-4146.patch: check lengths in
      src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
    - CVE-2015-4143
    - CVE-2015-4144
    - CVE-2015-4145
    - CVE-2015-4146

 -- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 10:33:55 -0400

wpa (2.1-0ubuntu4.1) utopic-security; urgency=medium

  * SECURITY UPDATE: memcpy overflow in P2P functionality
    - debian/patches/CVE-2015-1863.patch: validate SID element length in
      src/p2p/p2p.c.
    - CVE-2015-1863

 -- Marc Deslauriers <email address hidden> Mon, 20 Apr 2015 13:44:35 -0400

wpa (2.1-0ubuntu4) utopic; urgency=medium

  * SECURITY UPDATE: arbitrary command execution via unsanitized string
    passed to action scripts by wpa_cli and hostapd_cli
    - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
      src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
      use instead of system() in wpa_supplicant/wpa_cli.c,
      hostapd/hostapd_cli.c.
    - CVE-2014-3686

 -- Marc Deslauriers <email address hidden> Fri, 10 Oct 2014 09:15:39 -0400

wpa (2.1-0ubuntu3) utopic; urgency=medium

  * debian/patches/git_update_scan_res_for_apscan_1_068e3877.patch: update
    scan results when using ap_scan=1; this avoids 4-way handshake failures
    while roaming. (LP: #1348105)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 22 Sep 2014 18:28:29 +0100

wpa (2.1-0ubuntu2) utopic; urgency=medium

  * No-change rebuild with pkg-create-dbgsym 0.65 so that the full set of
    debug symbol packages are generated.

 -- Colin Watson <email address hidden> Sat, 26 Jul 2014 22:26:29 +0100

wpa (2.1-0ubuntu1) trusty; urgency=medium

  * New upstream release (LP: #1099755)
  * debian/get-orig-source: update for new git repository for the current
    hostap/wpasupplicant versions.
  * Dropped patches due to being applied upstream and included in the current
    source tarball:
    - debian/patches/11_wpa_gui_ftbfs_gcc_4_7.patch
    - debian/patches/13_human_readable_signal.patch
    - debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch
    - debian/patches/libnl3-includes.patch
  * debian/patches/git_accept_client_cert_from_server.patch: revert the commit:
    "OpenSSL: Do not accept SSL Client certificate for server", which breaks
    many AAA servers that include both client and server EKUs. Cherry-picked
    from hostap git commit b62d5b5.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 04 Mar 2014 16:13:24 -0500