ELA-240-1 wpa security update

the CallStranger issue in wpa

2020-07-13
Packagewpa
Version2.3-1+deb8u11
Related CVEs CVE-2020-12695


The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.



For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u11.

We recommend that you upgrade your wpa packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.