-
wpa (2.4-0ubuntu6.8) xenial-security; urgency=medium
* SECURITY UPDATE: DoS and possible code execution via P2P provision
discovery requests
- debian/patches/CVE-2021-27803-pre1.patch: cleanup handling of unknown
peer in PD Request processing in src/p2p/p2p_pd.c.
- debian/patches/CVE-2021-27803.patch: fix a corner case in peer
addition based on PD Request in src/p2p/p2p_pd.c.
- CVE-2021-27803
-- Marc Deslauriers <email address hidden> Mon, 01 Mar 2021 09:36:31 -0500
-
wpa (2.4-0ubuntu6.7) xenial-security; urgency=medium
* SECURITY UPDATE: P2P discovery heap overflow
- debian/patches/CVE-2021-0326.patch: P2P: Fix copying of secondary
device types for P2P group client
- CVE-2021-0326
* SECURITY UPDATE: UPnP SUBSCRIBE misbehavior in WPS AP
- debian/patches/CVE-2020-12695-1.patch: WPS UPnP: Do not allow
event subscriptions with URLs to other networks
- debian/patches/CVE-2020-12695-2.patch: WPS UPnP: Fix event message
generation using a long URL path
- debian/patches/CVE-2020-12695-3.patch: WPS UPnP: Handle HTTP
initiation failures for events more properly
- CVE-2020-12695
-- Steve Beattie <email address hidden> Tue, 09 Feb 2021 22:33:32 -0800
-
wpa (2.4-0ubuntu6.6) xenial-security; urgency=medium
* SECURITY UPDATE: Incorrect indication of disconnection in certain
situations
- debian/patches/CVE-2019-16275.patch: silently ignore management
frame from unexpected source address in src/ap/drv_callbacks.c,
src/ap/ieee802_11.c.
- CVE-2019-16275
-- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Sep 2019 08:41:25 -0300
-
wpa (2.4-0ubuntu6.5) xenial-security; urgency=medium
* SECURITY UPDATE: EAP-pwd DoS via unexpected fragment
- debian/patches/CVE-2019-11555-1.patch: fix reassembly buffer handling
in src/eap_server/eap_server_pwd.c.
- debian/patches/CVE-2019-11555-2.patch: fix reassembly buffer handling
in src/eap_peer/eap_pwd.c.
- CVE-2019-11555
-- Marc Deslauriers <email address hidden> Wed, 01 May 2019 09:59:21 -0400
-
wpa (2.4-0ubuntu6.4) xenial-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/VU-871675/*.patch: backported upstream patches.
- CVE-2019-9495
- CVE-2019-9497
- CVE-2019-9498
- CVE-2019-9499
* SECURITY UPDATE: insecure os_random() fallback
- debian/patches/CVE-2016-10743.patch: Use only os_get_random() for PIN
generation.
- CVE-2016-10743
-- Marc Deslauriers <email address hidden> Tue, 09 Apr 2019 07:29:43 -0400
-
wpa (2.4-0ubuntu6.3) xenial-security; urgency=medium
* SECURITY UPDATE: Expose sensitive information
- debian/patches/CVE-2018-14526.patch: fix in src/rsn_supp/wpa.c.
- CVE-2018-14526
-- <email address hidden> (Leonidas S. Barbosa) Thu, 09 Aug 2018 12:51:53 -0300
-
wpa (2.4-0ubuntu6.2) xenial-security; urgency=medium
* SECURITY UPDATE: Multiple issues in WPA protocol
- debian/patches/2017-1/*.patch: Add patches from Debian stretch
- CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
CVE-2017-13088
* SECURITY UPDATE: Denial of service issues
- debian/patches/2016-1/*.patch: Add patches from Debian stretch
- CVE-2016-4476
- CVE-2016-4477
* This package does _not_ contain the changes from 2.4-0ubuntu6.1 in
xenial-proposed.
-- Marc Deslauriers <email address hidden> Mon, 16 Oct 2017 07:58:48 -0400
-
wpa (2.4-0ubuntu6.1) xenial; urgency=medium
* debian/patches/wpa_service_ignore-on-isolate.patch: Add IgnoreOnIsolate=yes
so when isolating to default.target as oem-config does, we don't stop
wpasupplicant and cause wifi to be unavailable. (LP: #1576024)
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 31 Aug 2017 14:31:25 -0400
-
wpa (2.4-0ubuntu6) xenial; urgency=medium
* debian/patches/wpasupplicant_band_selection_aa517ae2.patch: add the last
missing 5 GHz band selection related cherry-pick from Debian that was not
included in wpa 2.4 (LP: #1517040)
-- Timo Jyrinki <email address hidden> Tue, 19 Jan 2016 12:36:00 +0200
-
wpa (2.4-0ubuntu5) xenial; urgency=medium
* SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
- debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
- CVE-2015-5310
* SECURITY UPDATE: EAP-pwd missing last fragment length validation
- debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
validation in src/eap_peer/eap_pwd.c.
- debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
validation in src/eap_server/eap_server_pwd.c.
- CVE-2015-5315
* SECURITY UPDATE: EAP-pwd peer error path failure on unexpected Confirm
message
- debian/patches/CVE-2015-5316.patch: fix error path in
src/eap_peer/eap_pwd.c.
- CVE-2015-5316
* SECURITY UPDATE: denial of service in NDEF record parser
- debian/patches/CVE-2015-8041.patch: validate payload lengths in
src/wps/ndef.c.
- CVE-2015-8041
-- Marc Deslauriers <email address hidden> Tue, 10 Nov 2015 13:38:25 -0500
-
wpa (2.4-0ubuntu4) xenial; urgency=medium
* Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume
before/after suspend, like the pm-utils hook. In some cases this brings
back missing Wifi connection after resuming. (LP: #1422143)
-- Martin Pitt <email address hidden> Mon, 26 Oct 2015 14:24:30 +0100
-
wpa (2.4-0ubuntu3) wily; urgency=medium
* debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
when P2P management interface is used (LP: #1482439)
-- Ricardo Salveti de Araujo <email address hidden> Wed, 07 Oct 2015 10:21:39 -0300