1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1064062: iwd: CVE-2023-52161

    From Moritz =?UTF-8?Q?M=C3=BChlenhoff?=@21:1/5 to All on Fri Feb 16 16:20:01 2024
    Source: iwd
    X-Debbugs-CC: team@security.debian.org
    Severity: grave
    Tags: security

    Hi,

    The following vulnerability was published for iwd.

    CVE-2023-52161[0]:
    https://www.top10vpn.com/research/wifi-vulnerabilities/

    While this mentions a patch for wpasupplication, it's not obvious
    if this was reported/fixed in iwd.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2023-52161
    https://www.cve.org/CVERecord?id=CVE-2023-52161

    Please adjust the affected versions in the BTS as needed.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to All on Fri Feb 16 23:00:01 2024
    Hi,

    On Fri, Feb 16, 2024 at 04:15:19PM +0100, Moritz Mühlenhoff wrote:
    Source: iwd
    X-Debbugs-CC: team@security.debian.org
    Severity: grave
    Tags: security

    Hi,

    The following vulnerability was published for iwd.

    CVE-2023-52161[0]:
    https://www.top10vpn.com/research/wifi-vulnerabilities/

    While this mentions a patch for wpasupplication, it's not obvious
    if this was reported/fixed in iwd.

    The iwd commit is https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca
    .

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Sat Feb 17 00:40:01 2024
    This is a multi-part message in MIME format...

    Your message dated Sat, 17 Feb 2024 00:33:38 +0100
    with message-id <170812641824.14347.11711839181991027094@auryn.jones.dk>
    and subject line Re: Bug#1064062: iwd: CVE-2023-52161
    has caused the Debian Bug report #1064062,
    regarding iwd: CVE-2023-52161
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1064062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064062
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    Received: (at submit) by bugs.debian.org; 16 Feb 2024 15:15:23 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
    (2021-04-09) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-3.9 required=4.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
    SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
    autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 14; hammy, 121; neutral, 27; spammy,
    0. spammytokens: hammytokens:0.000-+--H*RU:inutil.org,
    0.000-+--H*r:jmm, 0.000-+--UD:security-tracker.debian.org,
    0.000-+--securitytrackerdebianorg, 0.000-+--security-tracker.debian.org Return-path: <jmm@inutil.org>
    Received: from inutil.org ([109.69.64.57]:59752 helo=viruvalge.hosting.plutex.de)
    by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
  • From Debian Bug Tracking System@21:1/5 to All on Sun Feb 25 15:00:01 2024
    This is a multi-part message in MIME format...

    Your message dated Sun, 25 Feb 2024 13:48:02 +0000
    with message-id <E1reErK-00815Z-2x@fasolo.debian.org>
    and subject line Bug#1064062: fixed in iwd 1.14-3+deb11u1
    has caused the Debian Bug report #1064062,
    regarding iwd: CVE-2023-52161
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1064062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064062
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    Received: (at submit) by bugs.debian.org; 16 Feb 2024 15:15:23 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
    (2021-04-09) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-3.9 required=4.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
    SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
    autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 14; hammy, 121; neutral, 27; spammy,
    0. spammytokens: hammytokens:0.000-+--H*RU:inutil.org,
    0.000-+--H*r:jmm, 0.000-+--UD:security-tracker.debian.org,
    0.000-+--securitytrackerdebianorg, 0.000-+--security-tracker.debian.org Return-path: <jmm@inutil.org>
    Received: from inutil.org ([109.69.64.57]:59752 helo=viruvalge.hosting.plutex.de)
    by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)