-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3052-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
October 15, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wpa
CVE ID         : CVE-2014-3686
Debian Bug     : 765352

Jouni Malinen discovered an input sanitization issue in the wpa_cli and
hostapd_cli tools included in the wpa package.  A remote wifi system
within range could provide a crafted string triggering arbitrary code
execution running with privileges of the affected wpa_cli or hostapd_cli
process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.0-3+deb7u1.

For the testing distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.3-1.

We recommend that you upgrade your wpa packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJUP0NCAAoJELjWss0C1vRzUI0f/0+0H+kYgMDFtpdD9ujvGd4J
Su4KrAw3ZfX+4HXaBn0LrF8siOMChdCmsNDGp54B3PnCTNNuC1I13wDu01jgqJGa
sQnnie4XeTKF3hRLm1BLIkp5ozwtLKxEZA1KYoaVOEJq/06wO7YGNJG+ObDMFcUG
pJbqqtpBaQ/f2NhY3N4RfOgBuVsEPDSw2vYA9aaXJp1gilOJWkenCvrIvmMwWnHu
bslSiqlv7TozQY387cPUKCco19mRcskkl87eaL2ptQ4q67p4yB2Rw6NHJp+HnC1T
EQhLBVJJiE0PTqYckVVtU0yRuj5yqgRB8Pgq6Qe7/n3LdKhemnMsT3QuTzMJbSUI
Dxro/54MM9NzggbqoqaCTZDkv3E6MuFvnkB1r5r/9I57L3f1iSX9sBU23LTRq146
dcvyaQZwB93rPHvM18tMOS+cnx2cylyQdwIxsSzOrfYbqBE6ibJ/VbQTUJAo/yEs
7wHDB5FN3KTfWygPS+MbiO+ZTuBlV7bGQs0lli07guDLkt8PPSjkctF/ycK4CiO1
u3DCDpoeB+7gN6kwHAEq+FlCH64UDac9YsZFXmvh+QBJ3hecy4Sg5vF0KnEzJaLb
6bQmoCnw4hXkBfqdMeVgdDQNmDTRMWM31gD1MKZmyXFQioeUeK7jIi8zWo7Q9LQp
bFIoegAgBXtjUNs2+XNyAWVUC61e5iPTzbPS4m9EibKNV2kKmcSDLvgyprz24Wrq
0sVVv2MC0tA6g5eD4Xkcjs4ERrgjcEJHye0p2pUkxOie0ln2olGnUmMIMp3LJ9au
zo7LAk1TI4KppJBRj0o34qykXU//M0mG+Y6I2GZMsfamqcCOPq41sXHpm8c/EyUA
Uv91COG9z3JfEvw8X6PHxU/ZB/K6mwi/8fldBTBXmCAGaBLyKF2m3IHhv7l9TWpx
qs70ldpz82yE9nP4j79su8qglrLF1X6Ef5ClySe7/l4DlkyKy1/LJc//7hG7ml8T
ukmiLoNDEDUMBKqOxX6w5fOVtoGDrn7jyZVlEgAhGSb78UckOKnaGgf+hLd/PD98
rCYuw9qoAbUYmja7PG5AKfxz7VfRL3rOvbt4DfBYXd1F6UiJVLLVmLOshBW050qe
AYxMCnjRFUYcWrOjX2YjAaEEYHvIA0ZewBWXo17/bKOK0GCAwm9v4xi263qjkC9F
2e3Qg1HaEMxwN4TFpEigpUL429OwLagvR/5nrd/XBl14WSXhbcUw4UENNd2L2bv9
wM2Y4UoB8q8X6T2Vb8CwYNW8t8hRRbB/caV6wQLeh0L1QMMFqf/SCBQ5VFRMXUag
GTknMs9oYCT0EXg0ketGSKKMfNzQLinUD1cFl+vbt7yw5aNGY9PqlqBQVMQCmBg=
=7z9s
-----END PGP SIGNATURE-----