wpa 2:2.4-1+deb9u3 source package in Debian
Changelog
wpa (2:2.4-1+deb9u3) stretch-security; urgency=high
* Apply a partial security fix for CVE-2019-9495:
- OpenSSL: Use constant time operations for private bignums.
- See https://w1.fi/security/2019-2/ for more details.
* Apply security fixes:
- EAP-pwd server: Detect reflection attacks (CVE-2019-9497)
- EAP-pwd client: Verify received scalar and element
(partial fix for CVE-2019-9498)
- EAP-pwd server: Verify received scalar and element
(partial fix for CVE-2019-9499)
- See https://w1.fi/security/2019-4/ for more details.
* Add an upstream patch to add crypto_ec_point_cmp() required
by the fixes for CVE-2019-9497.
* Forcefully enable compilation of the ECC code.
-- Andrej Shadura <email address hidden> Wed, 10 Apr 2019 18:57:51 +0200
Upload details
- Uploaded by:
- Debian/Ubuntu wpasupplicant Maintainers
- Uploaded to:
- Stretch
- Original maintainer:
- Debian/Ubuntu wpasupplicant Maintainers
- Architectures:
- linux-any kfreebsd-any
- Section:
- net
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| wpa_2.4-1+deb9u3.dsc | 2.1 KiB | 8a876fc8dd2ef3cccea29a161944031201b8696008ca0fe629a412c79ea69934 |
| wpa_2.4.orig.tar.xz | 1.7 MiB | a1e4eda50796b2234a6cd2f00748bbe09f38f3f621919187289162faeb50b6b8 |
| wpa_2.4-1+deb9u3.debian.tar.xz | 97.1 KiB | b7390be9e0fc313e7c00485f5196b12a85be0925d067f74a3650be4c20edba6f |
No changes file available.
