Ubuntu
wpa package

Change logs for wpa source package in Vivid

Vivid (15.04)
Change log

wpa (2.1-0ubuntu7.3) vivid-security; urgency=medium

  * SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
    - debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
      Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
    - CVE-2015-5310
  * SECURITY UPDATE: EAP-pwd missing last fragment length validation
    - debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
      validation in src/eap_peer/eap_pwd.c.
    - debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
      validation in src/eap_server/eap_server_pwd.c.
    - CVE-2015-5315

 -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 07:22:31 -0600

wpa (2.1-0ubuntu7.2) vivid-security; urgency=medium

  * SECURITY UPDATE: denial of service via WPS UPnP
    - debian/patches/CVE-2015-4141.patch: check chunk size in
      src/wps/httpread.c.
    - CVE-2015-4141
  * SECURITY UPDATE: denial of service via AP mode WMM Action frame
    - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
    - CVE-2015-4142
  * SECURITY UPDATE: denial of service via EAP-pwd
    - debian/patches/CVE-2015-4143-4146.patch: check lengths in
      src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
    - CVE-2015-4143
    - CVE-2015-4144
    - CVE-2015-4145
    - CVE-2015-4146

 -- Marc Deslauriers <email address hidden>  Mon, 15 Jun 2015 10:32:33 -0400

wpa (2.1-0ubuntu7.1) vivid-security; urgency=medium

  * SECURITY UPDATE: memcpy overflow in P2P functionality
    - debian/patches/CVE-2015-1863.patch: validate SID element length in
      src/p2p/p2p.c.
    - CVE-2015-1863
 -- Marc Deslauriers <email address hidden>   Mon, 20 Apr 2015 13:42:02 -0400

wpa (2.1-0ubuntu7) vivid; urgency=medium

  Cherry-pick from Debian svn:
  * Add wpasupplicant_fix-systemd-unit-dependencies.patch: Fix systemd unit
    dependencies for wpasupplicant, it needs to be started before the network
    target (Closes: 780552, LP: #1431774).
 -- Martin Pitt <email address hidden>   Fri, 27 Mar 2015 14:07:35 +0100

wpa (2.1-0ubuntu6) vivid; urgency=medium

  * debian/patches/dbus-available-sta.patch: Make the list of connected
    stations available on DBus for hotspot mode; along with some of the
    station properties, such as rx/tx packets, bytes, capabilities, etc.
 -- Mathieu Trudel-Lapierre <email address hidden>   Fri, 19 Dec 2014 13:29:30 -0500

wpa (2.1-0ubuntu5) vivid; urgency=medium

  * debian/patches/android_hal_fw_path_change.patch: add a DBus method for
    requesting a firmware change when working with the Android HAL; this is
    used to set a device in P2P or AP mode; conditional to CONFIG_ANDROID_HAL
    being enabled.
  * debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
  * debian/control: Build-Depends on android-headers to get the required wifi
    headers for the HAL support.
 -- Mathieu Trudel-Lapierre <email address hidden>   Mon, 08 Dec 2014 21:05:25 -0500

wpa (2.1-0ubuntu4) utopic; urgency=medium

  * SECURITY UPDATE: arbitrary command execution via unsanitized string
    passed to action scripts by wpa_cli and hostapd_cli
    - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
      src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
      use instead of system() in wpa_supplicant/wpa_cli.c,
      hostapd/hostapd_cli.c.
    - CVE-2014-3686
 -- Marc Deslauriers <email address hidden>   Fri, 10 Oct 2014 09:15:39 -0400

Ubuntuwpa package

Change logs for wpa source package in Vivid

Ubuntu
wpa package