Bug#928310: unblock: wpa/2:2.7+git20190128+0c1e29f-5

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#928310: unblock: wpa/2:2.7+git20190128+0c1e29f-5

Salvatore Bonaccorso-4
Package: release.debian.org
Severity: normal
User: [hidden email]
Usertags: unblock

Hi release team,

[Not the maintainer here]

Please unblock package wpa. The followup update to unstable for wpa
2:2.7+git20190128+0c1e29f-5 fixes one additional security issue
("EAP-pwd message reassembly issue with unexpected fragment"). It got
CVE-2019-11555 later assigned.

+wpa (2:2.7+git20190128+0c1e29f-5) unstable; urgency=high
+
+  * Fix security issue 2019-5:
+    - EAP-pwd message reassembly issue with unexpected fragment
+      (Closes: #927463, no CVE assigned).
+
+ -- Andrej Shadura <[hidden email]>  Fri, 26 Apr 2019 14:55:52 +0200

Attached is the debdiff, and mantianer and Cyril Brulebois Cc'ed for a d-i ack.

unblock wpa/2:2.7+git20190128+0c1e29f-5

Regards,
Salvatore

Reply | Threaded
Open this post in threaded view
|

Bug#928310: unblock: wpa/2:2.7+git20190128+0c1e29f-5

Paul Gevers-4
Control: tags -1 d-i moreinfo confirmed

On 01-05-2019 22:08, Salvatore Bonaccorso wrote:
> Please unblock package wpa. The followup update to unstable for wpa
> 2:2.7+git20190128+0c1e29f-5 fixes one additional security issue
> ("EAP-pwd message reassembly issue with unexpected fragment"). It got
> CVE-2019-11555 later assigned.

This needs an ACK from d-i, but otherwise I'd unblock it.

Paul


signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#928310: unblock: wpa/2:2.7+git20190128+0c1e29f-5

Salvatore Bonaccorso-4
In reply to this post by Salvatore Bonaccorso-4
Hi

Attached the debdiff between 2:2.7+git20190128+0c1e29f-4 and
2:2.7+git20190128+0c1e29f-5.

Regards,
Salvatore

wpa_2.7+git20190128+0c1e29f-5.debdiff (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#928310: unblock: wpa/2:2.7+git20190128+0c1e29f-5

Cyril Brulebois-4
In reply to this post by Paul Gevers-4
Hi,

Paul Gevers <[hidden email]> (2019-05-01):
> Control: tags -1 d-i moreinfo confirmed
>
> On 01-05-2019 22:08, Salvatore Bonaccorso wrote:
> > Please unblock package wpa. The followup update to unstable for wpa
> > 2:2.7+git20190128+0c1e29f-5 fixes one additional security issue
> > ("EAP-pwd message reassembly issue with unexpected fragment"). It got
> > CVE-2019-11555 later assigned.
>
> This needs an ACK from d-i, but otherwise I'd unblock it.

Tested succesfully on bare metal: please go ahead.


Cheers,
--
Cyril Brulebois ([hidden email])            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

signature.asc (849 bytes) Download Attachment