Hi latexer, there's a vulnerability in xsupplicant according to secunia that can lead to the remote execution of arbitrary code from a local network. Please could you bump out 1.2.8, thanks. No stabilisation request will be needed because there's no stable arch for this package. Description: A vulnerability has been reported in Xsupplicant, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "eap_do_notify()" function. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted EAP packet. Successful exploitation may allow the execution of arbitrary code with "root" privileges. Solution: Update to version 1.2.8.
Since we appear to have a bit more info on bug #154995, I'm closing this one eventhough it was the first. *** This bug has been marked as a duplicate of 154995 ***