Accepted wpa 1.0-3+deb7u4 (source i386) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 May 2016 22:37:10 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source i386
Version: 1.0-3+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Debian/Ubuntu wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authentica
wpagui - graphical user interface for wpa_supplicant
wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
wpa (1.0-3+deb7u4) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2016-4476 and CVE-2016-4477.
A vulnerability was found in how hostapd and wpa_supplicant writes the
configuration file update for the WPA/WPA2 passphrase parameter. If this
parameter has been updated to include control characters either through a
WPS operation (CVE-2016-4476) or through local configuration change over
the wpa_supplicant control interface (CVE-2016-4477), the resulting
configuration file may prevent the hostapd and wpa_supplicant from starting
when the updated file is used. In addition for wpa_supplicant, it may be
possible to load a local library file and execute code from there with the
same privileges under which the wpa_supplicant process runs.
Checksums-Sha1:
7dad2bdebebec26e88c8ef226485d13b6cb695b8 2593 wpa_1.0-3+deb7u4.dsc
3df815106e085f02658a7143f0c9dfaffb54bdd7 95269 wpa_1.0-3+deb7u4.debian.tar.gz
dc25a2ec125ffceb3a9212b5902a160cfd41d0da 478424 hostapd_1.0-3+deb7u4_i386.deb
bb15f69f83fc4741b774c1aa5ff441597618b3f9 371350 wpagui_1.0-3+deb7u4_i386.deb
d337c798f3136694efb7a0fde8995e999ae16b92 609746 wpasupplicant_1.0-3+deb7u4_i386.deb
c7c3b8fb0f74e7222d184a99e35cfe7c388d06b1 150034 wpasupplicant-udeb_1.0-3+deb7u4_i386.udeb
Checksums-Sha256:
de7683fbd1721c140196e231a8706c60ccb61f89bf315195494f3902239485a5 2593 wpa_1.0-3+deb7u4.dsc
276bf57fb8c354e45143358b1832ed59b87358746bd84ea7696b8dfea6be9645 95269 wpa_1.0-3+deb7u4.debian.tar.gz
d54744f4dfc871597b57f2c3e271c0c0d6510f1077fc93fe141f48e6f9132f0f 478424 hostapd_1.0-3+deb7u4_i386.deb
048b8d9720cb6c50295d57a194fc5c16fab56a7241dda1e7813e7d7f2f7fa03e 371350 wpagui_1.0-3+deb7u4_i386.deb
3c7d60c3400d616aa3fb6fa20b04d325d5b0dfc6cb68d3c3181055729ba0ca1e 609746 wpasupplicant_1.0-3+deb7u4_i386.deb
a2f5c57e9e6d8d8b4b1fc861a36a2a6cf3cc7b1c043934be580f7801fd399dc1 150034 wpasupplicant-udeb_1.0-3+deb7u4_i386.udeb
Files:
507b0828c7492eda8a3c396c495a4b93 2593 net optional wpa_1.0-3+deb7u4.dsc
e4083b5ca35bb482381d3806e8004089 95269 net optional wpa_1.0-3+deb7u4.debian.tar.gz
63e4b041593d36fcbc24e08742f447e8 478424 net optional hostapd_1.0-3+deb7u4_i386.deb
6e1903cc441e46219ab1b71043dd1ba2 371350 net optional wpagui_1.0-3+deb7u4_i386.deb
3873e3e510a3a989741c8255ffe703c8 609746 net optional wpasupplicant_1.0-3+deb7u4_i386.deb
49724f6e2e107abaef6fe4faada65d95 150034 debian-installer standard wpasupplicant-udeb_1.0-3+deb7u4_i386.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJXN45tXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkIDEP/0Xs/1DQLmfCsG5/bvt1ey/O
y6H/ZP/u6gNMK92Yma/u0o7XdqiUPMMqs/7WI/wdHoFqNhp8yRBotA/Rq+aZDl9n
tzRtsNA3k+/ZuKfbJGwb8fIz62DV4ExdCxV5yx7xB3y7uiGnA1mSHw7vS2DsKYYE
erx4fp2M8XsxHRVFW6spnCXZ9G2UiyflzLiteQLbmIiZ4lN4NrGhs1ig9HKxotGh
15s33s8MUrqEgEx8EM+vC0NSHS7FJnThb5Glo+XIuI/yQRQfRy1wq3p3HVzdUmL7
MgeCcqoYbUJu8AWCO4xSbbWrVKZ6GpF2puSpHYkO6n7u9o2sNIt5JW/R/Hvy07zV
EKiGQgcu+6S1x0gWR62cGD0cPdR+I5DbxiRX/g6kJfp/398k+HlftKTbdJen9BnO
y9Yf5PDeLVtKFsNoUlbMLshefc0zfp7B05SEKWUlUAGpS/2s46dcRz2zTvgY/yXb
ZvA+6Ab+cdV/yyPvRPelbTTHcPgBw6rO+89uYEMsPcU3pEDfzgnXyy0LgfukI8Dh
i3XSxh17J+LqpZ5VPneU/r8fTxjEtOhhoxevK8VV4yVC6TwXqSzgIGxdPmMjQcOp
EM/xYv8gl1/yZo+FGZdnNqT24l54YO5bUCUMwpP2tGiHz0dJXeuDdFlpHnYAyMIS
Yh20ccFJwiXPHbwvGxkj
=rlGo
-----END PGP SIGNATURE-----