Package: firmware-brcm80211 Version: 0.43 Severity: critical Tags: security upstream Justification: root security hole
Dear Maintainer, CVE-2017-8386 "BroadPwn" has been around for a while. It seems Debian ships the relevant firmware in this package. Could I impose on you to ensure that all is as it should be? Many thanks. Mark https://nvd.nist.gov/vuln/detail/CVE-2017-8386 https://security-tracker.debian.org/tracker/CVE-2017-9417 https://packages.debian.org/search?keywords=firmware-brcm80211 http://boosterok.com/blog/broadpwn/ -- System Information: Debian Release: 8.9 APT prefers testing APT policy: (1000, 'testing'), (1000, 'stable'), (1000, 'oldstable'), (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
