Your message dated Mon, 30 Sep 2019 21:32:11 +0000
with message-id <[email protected]>
and subject line Bug#934180: fixed in wpa 2:2.7+git20190128+0c1e29f-6+deb10u1
has caused the Debian Bug report #934180,
regarding wpa: CVE-2019-13377: Timing-based side-channel attack against WPA3's
Dragonfly handshake when using Brainpool curves
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
934180: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934180
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wpa
Version: 2:2.8-3
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for wpa.
CVE-2019-13377[0]:
| Timing-based side-channel attack against WPA3's Dragonfly handshake when using
| Brainpool curves
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-13377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377
[1] https://w1.fi/security/2019-6/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wpa
Source-Version: 2:2.7+git20190128+0c1e29f-6+deb10u1
We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrej Shadura <[email protected]> (supplier of updated wpa package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 Sep 2019 11:58:08 +0200
Source: wpa
Architecture: source
Version: 2:2.7+git20190128+0c1e29f-6+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <[email protected]>
Changed-By: Andrej Shadura <[email protected]>
Closes: 934180 940080
Changes:
wpa (2:2.7+git20190128+0c1e29f-6+deb10u1) buster-security; urgency=medium
.
* SECURITY UPDATE:
- AP mode PMF disconnection protection bypass.
More details:
+ https://w1.fi/security/2019-7/
Closes: #940080 (CVE-2019-16275)
- Timing-based side-channel attack against WPA3's Dragonfly handshake
when using Brainpool curves.
More details:
+ https://w1.fi/security/2019-6/
+ https://wpa3.mathyvanhoef.com/
Closes: #934180 (CVE-2019-13377)
Checksums-Sha1:
f4df702cbe046768765ca84d92d3227362e61b38 2216
wpa_2.7+git20190128+0c1e29f-6+deb10u1.dsc
63799ab5b3cbd53a690bab9f9ddda4d8ab059c83 2286436
wpa_2.7+git20190128+0c1e29f.orig.tar.xz
1c4317fe155d2d81d3d0cab8b29450ef6de03cc8 105784
wpa_2.7+git20190128+0c1e29f-6+deb10u1.debian.tar.xz
Checksums-Sha256:
dfa899eb6942b76578c551a61f65ec53a539349989716b72aabf7eeabe0fe379 2216
wpa_2.7+git20190128+0c1e29f-6+deb10u1.dsc
4732f6dc4f2402347a37adea7f127ffce88ae3b27afc816b67f5b51199bd139e 2286436
wpa_2.7+git20190128+0c1e29f.orig.tar.xz
7dd463a6c56dc3461f314543b8078e1d5a0c1a6313c02d6f0f8d8fe2e1f45d89 105784
wpa_2.7+git20190128+0c1e29f-6+deb10u1.debian.tar.xz
Files:
1ed459936a0316445d06d39cd75d207e 2216 net optional
wpa_2.7+git20190128+0c1e29f-6+deb10u1.dsc
64f7dd7528079b006de5a5883ae05abd 2286436 net optional
wpa_2.7+git20190128+0c1e29f.orig.tar.xz
c25318da1277624d64f96ede3f14569b 105784 net optional
wpa_2.7+git20190128+0c1e29f-6+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl2CHSAACgkQXkCM2RzY
OdLFcQf/bAFRaaLBOtHzAvaiNDdHmpcanXIa8oVcLLIzY6fWBzhLo10LKuzaawZB
teiQcQdMmUHLNBTR4zxxZWXS6jVUUxGdPr6davNe35WGIWRMi7sc0nS1M4Tfr7aY
tLI3zBaTy9qzQ+Is9Lkit+1eRGfy0laOEnjRBR+3mDVooGLpYheN/cP15OebA1iH
TqAjFFJJJ95QgWGV5X8kL4fF3kamxA3TaFsIDzftezonhs/MhDhCHACc0rJJKRQ9
Fmpw/kWDM8fnKsg4tQG/tyNwYaDgYHHXZFbuKzpSAI6JjYJZT1Nh9G9ppFx/EUUt
2FBKgtnruQx8eqiOLIj3kDP9mMuXew==
=TX+9
-----END PGP SIGNATURE-----
--- End Message ---