wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation

Debian Bug report logs - #787371

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 31 May 2015 20:39:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version wpa/2.3-1

Fixed in versions wpa/2.3-2.2, wpa/2.3-1+deb8u2, wpa/1.0-3+deb7u3

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>:
Bug#787371; Package src:wpa. (Sun, 31 May 2015 20:39:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>. (Sun, 31 May 2015 20:39:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Date: Sun, 31 May 2015 22:36:15 +0200
Source: wpa
Version: 2.3-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for wpa.

CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 for the
"EAP-pwd missing payload length validation" issue[0].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
    https://marc.info/?l=oss-security&m=143309748931862&w=2
[1] https://security-tracker.debian.org/tracker/CVE-2015-4143
[2] https://security-tracker.debian.org/tracker/CVE-2015-4144
[3] https://security-tracker.debian.org/tracker/CVE-2015-4145
[4] https://security-tracker.debian.org/tracker/CVE-2015-4146

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Severity set to 'grave' from 'important' Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Tue, 13 Oct 2015 14:39:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>:
Bug#787371; Package src:wpa. (Sat, 24 Oct 2015 15:09:03 GMT).


Acknowledgement sent to Julian Wollrath <jwollrath@web.de>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>. (Sat, 24 Oct 2015 15:09:04 GMT).


Message #12 received at 787371@bugs.debian.org:

From: Julian Wollrath <jwollrath@web.de>
To: 787371@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Date: Sat, 24 Oct 2015 17:04:56 +0200
tags 787371 patch

Hi,

I attached a patch to fix these (and more) security issues for jessie.
For unstable I uploaded an updated package to [1], that fixes the
security issues and updates the package to upstream version 2.5.

Since I am no Debian Developer, I will not be able to upload these
updates to the archive.


Cheers,
Julian

[1] http://rbw.goe.net/jw/debian
[wpa_security_update.diff (text/x-patch, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>:
Bug#787371; Package src:wpa. (Sun, 25 Oct 2015 15:18:03 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>. (Sun, 25 Oct 2015 15:18:03 GMT).


Message #17 received at 787371@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Julian Wollrath <jwollrath@web.de>, 787371@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Date: Sun, 25 Oct 2015 16:14:56 +0100
Hi Julian,

On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> +
> +  * Add fixes for http://w1.fi/security/2015-5/
> +  * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144,
> +    CVE-2015-4145, CVE-2015-4146 (Closes: #787371).
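
Review bot: the two bullets identify the fixes only by an advisory URL and a run of CVE ids, so the changelog does not say which issue each fix addresses. Consider one bullet per issue, with a short description next to its ids, in place of the single "Add fixes for CVE-2015-4141, ..." line.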

Only looked from a changelog point of view: Please close as well the
other related bugs in the changelog entries:

fixes for http://w1.fi/security/2015-5/ -> #795740
CVE-2015-4141 -> #787372
CVE-2015-4142 -> #787373
CVE-2015-4143 -> #787371
CVE-2015-4144 -> #787371
CVE-2015-4145 -> #787371
CVE-2015-4146 -> #787371

(you can find the information via the security-tracker, i.e.
https://security-tracker.debian.org/wpa)

The reason I filed different bug reports is that different version
ranges are affected, so that we have proper version tracking as well
for the BTS.

Thanks for having worked on that update and attached your patchset.
Have you worked as well on wheezy?

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>:
Bug#787371; Package src:wpa. (Mon, 26 Oct 2015 13:33:07 GMT).


Acknowledgement sent to Julian Wollrath <jwollrath@web.de>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>. (Mon, 26 Oct 2015 13:33:08 GMT).


Message #22 received at 787371@bugs.debian.org:

From: Julian Wollrath <jwollrath@web.de>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 787371@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Date: Mon, 26 Oct 2015 14:30:39 +0100
Hi Salvatore,

On Sun, 25 Oct 2015 16:14:56 +0100
Salvatore Bonaccorso <carnil@debian.org> wrote:

> Hi Julian,
> 
> On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> > +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> > +
> > +  * Add fixes for http://w1.fi/security/2015-5/
> > +  * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143,
> > CVE-2015-4144,
> > +    CVE-2015-4145, CVE-2015-4146 (Closes: #787371).  
> 
> Only looked from a changelog point of view: Please close as well the
> other related bugs in the changelog entries:
> 
> fixes for http://w1.fi/security/2015-5/ -> #795740
> CVE-2015-4141 -> #787372
> CVE-2015-4142 -> #787373
> CVE-2015-4143 -> #787371
> CVE-2015-4144 -> #787371
> CVE-2015-4145 -> #787371
> CVE-2015-4146 -> #787371
> 
> (you can find the information via the security-tracker, i.e.
> https://security-tracker.debian.org/wpa)
> 
> The reason I filed different bug reports is that different version
> ranges are affected, so that we have proper version tracking as well
> for the BTS.
ok. I can change that. Not sure though, if I have time for it today.

> 
> Thanks for having worked on that update and attached your patchset.
> Have you worked as well on wheezy?
No I have not and I am unsure, if I have time to look at it before the
weekend.

Cheers,
Julian



Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>:
Bug#787371; Package src:wpa. (Tue, 27 Oct 2015 20:57:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>. (Tue, 27 Oct 2015 20:57:04 GMT).


Message #27 received at 787371@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Julian Wollrath <jwollrath@web.de>, 787371@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#787371: wpa: CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing payload length validation
Date: Tue, 27 Oct 2015 21:54:30 +0100
Hi Julian,

On Mon, Oct 26, 2015 at 02:30:39PM +0100, Julian Wollrath wrote:
> Hi Salvatore,
> 
> On Sun, 25 Oct 2015 16:14:56 +0100
> Salvatore Bonaccorso <carnil@debian.org> wrote:
> 
> > Hi Julian,
> > 
> > On Sat, Oct 24, 2015 at 05:04:56PM +0200, Julian Wollrath wrote:
> > > +wpa (2.3-1+deb8u2) jessie-security; urgency=high
> > > +
> > > +  * Add fixes for http://w1.fi/security/2015-5/
> > > +  * Add fixes for CVE-2015-4141, CVE-2015-4142, CVE-2015-4143,
> > > CVE-2015-4144,
> > > +    CVE-2015-4145, CVE-2015-4146 (Closes: #787371).  
> > 
> > Only looked from a changelog point of view: Please close as well the
> > other related bugs in the changelog entries:
> > 
> > fixes for http://w1.fi/security/2015-5/ -> #795740
> > CVE-2015-4141 -> #787372
> > CVE-2015-4142 -> #787373
> > CVE-2015-4143 -> #787371
> > CVE-2015-4144 -> #787371
> > CVE-2015-4145 -> #787371
> > CVE-2015-4146 -> #787371
> > 
> > (you can find the information via the security-tracker, i.e.
> > https://security-tracker.debian.org/wpa)
> > 
> > The reason I filed different bug reports is that different version
> > ranges are affected, so that we have proper version tracking as well
> > for the BTS.
> ok. I can change that. Not sure though, if I have time for it today.
> 
> > 
> > Thanks for having worked on that update and attached your patchset.
> > Have you worked as well on wheezy?
> No I have not and I am unsure, if I have time to look at it before the
> weekend.

I will tentatively look into it soon in the next few days as well.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>:
Bug#787371; Package src:wpa. (Sat, 31 Oct 2015 13:33:16 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>. (Sat, 31 Oct 2015 13:33:16 GMT).


Message #32 received at 787371@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 787371@bugs.debian.org, 787372@bugs.debian.org, 787373@bugs.debian.org, 795740@bugs.debian.org
Subject: wpa: diff for NMU version 2.3-2.2
Date: Sat, 31 Oct 2015 14:32:50 +0100
Control: tags 787371 + patch
Control: tags 787371 + pending
Control: tags 787372 + patch
Control: tags 787372 + pending
Control: tags 787373 + patch
Control: tags 787373 + pending
Control: tags 795740 + pending

Dear maintainer,

I've prepared an NMU for wpa (versioned as 2.3-2.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[wpa-2.3-2.2-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to 787371-submit@bugs.debian.org. (Sat, 31 Oct 2015 13:33:16 GMT).


Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 787371-submit@bugs.debian.org. (Sat, 31 Oct 2015 13:33:17 GMT).


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Mon, 02 Nov 2015 13:51:13 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 02 Nov 2015 13:51:13 GMT).


Message #41 received at 787371-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 787371-close@bugs.debian.org
Subject: Bug#787371: fixed in wpa 2.3-2.2
Date: Mon, 02 Nov 2015 13:49:34 +0000
Source: wpa
Source-Version: 2.3-2.2

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 787371@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Oct 2015 14:13:50 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.3-2.2
Distribution: unstable
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 787371 787372 787373 795740
Description: 
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (2.3-2.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Add patch to address CVE-2015-4141.
     CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
     encoding. (Closes: #787372)
   * Add patch to address CVE-2015-4142.
     CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
     (Closes: #787373)
   * Add patches to address CVE-2015-414{3,4,5,6}
     CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing
     payload length validation. (Closes: #787371)
   * Add patch to address 2015-5 vulnerability.
     NFC: Fix payload length validation in NDEF record parser (Closes: #795740)
   * Thanks to Julian Wollrath <jwollrath@web.de> for the initial debdiff
     provided in #787371.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 15 Nov 2015 22:51:18 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 15 Nov 2015 22:51:18 GMT).


Message #46 received at 787371-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 787371-close@bugs.debian.org
Subject: Bug#787371: fixed in wpa 2.3-1+deb8u2
Date: Sun, 15 Nov 2015 22:47:12 +0000
Source: wpa
Source-Version: 2.3-1+deb8u2

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 787371@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Oct 2015 10:07:44 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.3-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 787371 787372 787373 795740
Description: 
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (2.3-1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patch to address CVE-2015-4141.
     CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
     encoding. (Closes: #787372)
   * Add patch to address CVE-2015-4142.
     CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
     (Closes: #787373)
   * Add patches to address CVE-2015-414{3,4,5,6}
     CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing
     payload length validation. (Closes: #787371)
   * Add patch to address 2015-5 vulnerability.
     NFC: Fix payload length validation in NDEF record parser (Closes: #795740)
   * Add patch to address CVE-2015-5310.
     CVE-2015-5310: wpa_supplicant unauthorized WNM Sleep Mode GTK control.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 19 Dec 2015 12:21:07 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 19 Dec 2015 12:21:07 GMT).


Message #51 received at 787371-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 787371-close@bugs.debian.org
Subject: Bug#787371: fixed in wpa 1.0-3+deb7u3
Date: Sat, 19 Dec 2015 12:17:40 +0000
Source: wpa
Source-Version: 1.0-3+deb7u3

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 787371@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Oct 2015 12:08:04 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source amd64
Version: 1.0-3+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian/Ubuntu wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 hostapd    - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authentica
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 787371 787372 787373 795740
Changes: 
 wpa (1.0-3+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patch to address CVE-2015-4141.
     CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
     encoding. (Closes: #787372)
   * Add patch to address CVE-2015-4142.
     CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
     (Closes: #787373)
   * Add patches to address CVE-2015-4143.
     CVE-2015-4143: EAP-pwd missing payload length validation. (Closes: #787371)
   * Add patch to address 2015-5 vulnerability.
     NFC: Fix payload length validation in NDEF record parser.
     Note that this issue does not affect the binary packages distributed in
     Debian in Wheezy as CONFIG_WPS_NFC=y is not set in the build
     configuration. (Closes: #795740)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 31 Jan 2016 07:36:02 GMT).

