| Package | wpa |
|---|---|
| Version | 2.3-1+deb8u11 |
| Related CVEs | CVE-2020-12695 |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u11.
We recommend that you upgrade your wpa packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.