Your message dated Thu, 29 Nov 2012 14:51:43 +0000
with message-id <1354200703.7995.18.ca...@deadeye.wl.decadent.org.uk>
and subject line Re: Bug#694716: firmware-nonfree: CVE-2012-2619
has caused the Debian Bug report #694716,
regarding firmware-nonfree: CVE-2012-2619
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
694716: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694716
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: firmware-nonfree
Severity: important
Tags: security
This seems to affect the firmware-brcm80211 package AFAICS:
http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
On Thu, 2012-11-29 at 12:29 +0100, Moritz Muehlenhoff wrote:
> Package: firmware-nonfree
> Severity: important
> Tags: security
>
> This seems to affect the firmware-brcm80211 package AFAICS:
> http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329
The vulnerable firmware is for combo wifi+bluetooth devices.
The brcm80211 driver and firmware are for wifi-only devices: BCM4313,
BCM43224 and BCM43225 (*not* BCM4325). The first two of these are
explicitly listed as not vulnerable and since there's only a single
firmware image I doubt that it is vulnerable on only a single chip. The
quoted code bytes are also not present.
Ben.
--
Ben Hutchings
Never attribute to conspiracy what can adequately be explained by stupidity.
signature.asc
Description: This is a digitally signed message part
--- End Message ---
