Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

aircrack-ng: CVE-2014-8321 CVE-2014-8322 CVE-2014-8323 CVE-2014-8324

Related Vulnerabilities: CVE-2014-8321   CVE-2014-8322   CVE-2014-8323   CVE-2014-8324  

Source

Debian Bug report logs - #767979
aircrack-ng: CVE-2014-8321 CVE-2014-8322 CVE-2014-8323 CVE-2014-8324

version graph

Package: aircrack-ng; Maintainer for aircrack-ng is Debian Security Tools <team+pkg-security@tracker.debian.org>; Source for aircrack-ng is src:aircrack-ng (PTS, buildd, popcon).

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 3 Nov 2014 20:57:01 UTC

Severity: grave

Tags: security, upstream

Found in version aircrack-ng/1:1.2-0~beta3-1

Fixed in version aircrack-ng/1:1.2-0~beta3-2

Done: Carlos Alberto Lopez Perez <clopez@igalia.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Carlos Alberto Lopez Perez <clopez@igalia.com>:
Bug#767979; Package aircrack-ng. (Mon, 03 Nov 2014 20:57:06 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Carlos Alberto Lopez Perez <clopez@igalia.com>. (Mon, 03 Nov 2014 20:57:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: aircrack-ng: CVE-2014-8321 CVE-2014-8322 CVE-2014-8323 CVE-2014-8324
Date: Mon, 03 Nov 2014 21:53:17 +0100
Package: aircrack-ng
Version: 1:1.2-0~beta3-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerabilities were published for aircrack-ng.

CVE-2014-8321[0]:
GPS stack overflow

CVE-2014-8322[1]:
tcp_test stack overflow

CVE-2014-8323[2]:
buddy-ng missing checkin data format

CVE-2014-8324[3]:
net_get missing check for invalid values

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8321
[1] https://security-tracker.debian.org/tracker/CVE-2014-8322
[2] https://security-tracker.debian.org/tracker/CVE-2014-8323
[3] https://security-tracker.debian.org/tracker/CVE-2014-8324
[4] http://seclists.org/bugtraq/2014/Nov/1

Regards,
Salvatore

Added tag(s) pending. Request was from Carlos Lopez <clopez@igalia.com> to control@bugs.debian.org. (Wed, 12 Nov 2014 02:06:08 GMT) (full text, mbox, link).

Reply sent to Carlos Alberto Lopez Perez <clopez@igalia.com>:
You have taken responsibility. (Wed, 12 Nov 2014 03:39:10 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 12 Nov 2014 03:39:10 GMT) (full text, mbox, link).

Message #12 received at 767979-close@bugs.debian.org (full text, mbox, reply):

From: Carlos Alberto Lopez Perez <clopez@igalia.com>
To: 767979-close@bugs.debian.org
Subject: Bug#767979: fixed in aircrack-ng 1:1.2-0~beta3-2
Date: Wed, 12 Nov 2014 03:34:28 +0000
Source: aircrack-ng
Source-Version: 1:1.2-0~beta3-2

We believe that the bug you reported is fixed in the latest version of
aircrack-ng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 767979@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Carlos Alberto Lopez Perez <clopez@igalia.com> (supplier of updated aircrack-ng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Nov 2014 23:41:52 +0100
Source: aircrack-ng
Binary: aircrack-ng
Architecture: source amd64
Version: 1:1.2-0~beta3-2
Distribution: unstable
Urgency: high
Maintainer: Carlos Alberto Lopez Perez <clopez@igalia.com>
Changed-By: Carlos Alberto Lopez Perez <clopez@igalia.com>
Description:
 aircrack-ng - wireless WEP/WPA cracking utilities
Closes: 767979
Changes:
 aircrack-ng (1:1.2-0~beta3-2) unstable; urgency=high
 .
   * Fix the following security vulnerabilities: (Closes: #767979)
     * CVE-2014-8321 - GPS stack overflow.
     * CVE-2014-8322 - tcp_test stack overflow.
     * CVE-2014-8323 - buddy-ng missing checkin data format.
     * CVE-2014-8324 - net_get missing check for invalid values.
   * Add missing dh-python package to Build-Depends.
Checksums-Sha1:
 3a4a3c3bd077794724ca206afacd07f6dd2e97e8 1928 aircrack-ng_1.2-0~beta3-2.dsc
 d08f06f789276499fdc8e5e15719bf581a5157aa 12164 aircrack-ng_1.2-0~beta3-2.debian.tar.xz
 786a78337073b3aa8a66ff546aea35d6af4bfc44 434760 aircrack-ng_1.2-0~beta3-2_amd64.deb
Checksums-Sha256:
 510ec91fcbc5976af0aa511d3efd50450675ab0120b2e5c2880e4e187a3ebc5e 1928 aircrack-ng_1.2-0~beta3-2.dsc
 f4e96249f9cdce3ec4f88f0a053ce803f462d80ba1a594e3fce7a2f0fbb5eb6f 12164 aircrack-ng_1.2-0~beta3-2.debian.tar.xz
 b1632cf2667361fe59103e844fe4191c0805ac30e4de8e2a9765055ffc1633cc 434760 aircrack-ng_1.2-0~beta3-2_amd64.deb
Files:
 5c5e9397e32d1c67762b31dd4b8c7a4e 1928 net optional aircrack-ng_1.2-0~beta3-2.dsc
 1dd67e6c3e1781f94b06b353c76c37b4 12164 net optional aircrack-ng_1.2-0~beta3-2.debian.tar.xz
 ca2b59dbdf344581d5314843826b7c9f 434760 net optional aircrack-ng_1.2-0~beta3-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUYr2+AAoJEJZQic5rlfiCbDMQALPm2YVPhuXAHz7zcj9VRLTY
JY9CdGllzlkNZ1IsjB3phpp0BQ6jCQT6sFefrWBuR0B0XH3Uegz7iMBBKEAm7ZFX
Uf4OJORLwIL3lpUGoC+SVs3wsSJPHIk1eGUaSJ+cxAKuZY/2Ue3r66miTBkJ/ls+
5q8UOD6+N0CvkVQ/6J2hQrEudb2Tk8p4p4t7fuWrmXIyzZyxmthN5P/02+u1qqU6
uIV+Iqv+M3gV0zMWBfteJzbm9dUQ6UA6Qp47EEeIqikQ/SGbGzQghk2oSCBOVl3/
4ibjaO/IcKZbVYKQ1NSA9kEU/JX5xgb3IODJoYQRFKUVcHouTKUpFL0uDNfHDp7R
0noEdZM++W58eE3FkCLKPsKa8/R2+0QSZ5GDj33S+ZBjAbS94pO9jnfOSPf/1agN
ReJJwEZ7J69287UN0dk1DgAOcMCGNmZryi0cm2ZDLy1DuznHsokwqH/6cPm4kJsS
L3oSkNu3NYIn5hmfd2PW2R4xUbTzKrx1bzAsxMUzXq12FxLev7KsPVOCKrDbDbG2
AxlVJhdgzpMB/NbPvnwuo1U+ongg1g5rd6eaqJtqEdYARrgIZKdoVzwwNw6huQhQ
WSuZtu8Qb9fOjBWOWpDtjOdE3zYHEKbpnRxH9zHz5CgDzQk3sQfj8FSXjgbYLOEq
sM5HXdN0ur840WZWH26Z
=GBNQ
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 13 Dec 2014 07:34:43 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:15:30 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started