Changelog
wpa (2:2.4-1+deb9u3) stretch-security; urgency=high

  * Apply a partial security fix for CVE-2019-9495:
    - OpenSSL: Use constant time operations for private bignums.
    - See https://w1.fi/security/2019-2/ for more details.
  * Apply security fixes:
    - EAP-pwd server: Detect reflection attacks (CVE-2019-9497)
    - EAP-pwd client: Verify received scalar and element
      (partial fix for CVE-2019-9498)
    - EAP-pwd server: Verify received scalar and element
      (partial fix for CVE-2019-9499)
    - See https://w1.fi/security/2019-4/ for more details.
  * Add an upstream patch to add crypto_ec_point_cmp() required
    by the fixes for CVE-2019-9497.
  * Forcefully enable compilation of the ECC code.

 -- Andrej Shadura <email address hidden>  Wed, 10 Apr 2019 18:57:51 +0200