Format: 1.8 Date: Tue, 13 Aug 2019 13:59:04 -0400 Source: wpa Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb Architecture: ppc64el ppc64el_translations Version: 2:2.6-21ubuntu3.2 Distribution: disco Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: hostapd - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb) Changes: wpa (2:2.6-21ubuntu3.2) disco-security; urgency=medium . * SECURITY UPDATE: SAE/EAP-pwd side-channel attack w/Brainpool curves - debian/patches/CVE-2019-13377-2.patch: use const_time_memcmp() for pwd_value >= prime comparison in src/eap_common/eap_pwd_common.c. - debian/patches/CVE-2019-13377-3.patch: use BN_bn2binpad() or BN_bn2bin_padded() if available in src/crypto/crypto_openssl.c. - debian/patches/CVE-2019-13377-5.patch: run through prf result processing even if it >= prime in src/eap_common/eap_pwd_common.c. - debian/patches/CVE-2019-13377-pre6.patch: disallow ECC groups with a prime under 256 bits in src/eap_common/eap_pwd_common.c. - debian/patches/CVE-2019-13377-6.patch: disable use of groups using Brainpool curves in src/eap_common/eap_pwd_common.c. - CVE-2019-13377 Checksums-Sha1: 76b8807fda884eb8640ba24bf8d0b1d43176e467 620940 hostapd_2.6-21ubuntu3.2_ppc64el.deb 645c164e853cebcebf2e48501f13973f47f97658 13777 wpa_2.6-21ubuntu3.2_ppc64el.buildinfo 5a0d6cc6330689f1c70ce8065868e5d77d64cf93 5905 wpa_2.6-21ubuntu3.2_ppc64el_translations.tar.gz 37390fbcc89497495c25f1fb41727e13ac6de4a9 268444 wpagui_2.6-21ubuntu3.2_ppc64el.deb 4763bff274d60fbb7d8f412667ca6d1b68bd7c25 255900 wpasupplicant-udeb_2.6-21ubuntu3.2_ppc64el.udeb b923477a808fe1758a9a1a8822f131997dcd0c73 1082764 wpasupplicant_2.6-21ubuntu3.2_ppc64el.deb Checksums-Sha256: fc31f91feb4c1ff78545d340574b04cea7e047a5dcb56ca1ddc680b4339a8093 620940 hostapd_2.6-21ubuntu3.2_ppc64el.deb 96c2dc00a28b892dad1cadb23f511a29cdca474de9b0003f6bb5a932efc88727 13777 wpa_2.6-21ubuntu3.2_ppc64el.buildinfo 1d7996c1e49d94b2f960cccff55bfc277fb5cc8a2d745d2e17e43280a9979de4 5905 wpa_2.6-21ubuntu3.2_ppc64el_translations.tar.gz 3fe5492d0e2a93154615ea45dd07d7ca0d1a5430704fcc074e140a3ae34a5c45 268444 wpagui_2.6-21ubuntu3.2_ppc64el.deb 70c3adc04b5162cf3af21f7ab74c7a29d4e2084b831e2293491dbb3fc0a26d37 255900 wpasupplicant-udeb_2.6-21ubuntu3.2_ppc64el.udeb 8857ad201f2052429562d422028dd0a2acaecfdda15438e2af7b8a0b56f563c1 1082764 wpasupplicant_2.6-21ubuntu3.2_ppc64el.deb Files: 4922d21fb410a92e499541f81ae1ea69 620940 net optional hostapd_2.6-21ubuntu3.2_ppc64el.deb 4d023ed6a556db6234f2569571a539f3 13777 net optional wpa_2.6-21ubuntu3.2_ppc64el.buildinfo bfc5653d06576033678bc67260df48bd 5905 raw-translations - wpa_2.6-21ubuntu3.2_ppc64el_translations.tar.gz 8cf284e6db9f27c2177a41c8383359c3 268444 net optional wpagui_2.6-21ubuntu3.2_ppc64el.deb 93b343b8866c7cc4ea960a40d63fd4e9 255900 debian-installer standard wpasupplicant-udeb_2.6-21ubuntu3.2_ppc64el.udeb c42ff4fc1c2fcad0c7eb9f5d3f018a89 1082764 net optional wpasupplicant_2.6-21ubuntu3.2_ppc64el.deb Original-Maintainer: Debian wpasupplicant Maintainers