Debian 10262 Published by

An wpa security update has been released for Debian GNU/Linux 8 LTS to address the CallStranger issue.



ELA-240-1 wpa security update

Package wpa
Version 2.3-1+deb8u11
Related CVE CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u11.

We recommend that you upgrade your wpa packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-240-1 wpa security update