[Secure-testing-commits] r33767 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-04-22 20:51:21 +0000 (Wed, 22 Apr 2015)
New Revision: 33767

Modified:
   data/CVE/list
Log:
Update for CVE-2015-1863/wpa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-22 20:51:13 UTC (rev 33766)
+++ data/CVE/list	2015-04-22 20:51:21 UTC (rev 33767)
@@ -3864,9 +3864,11 @@
 CVE-2015-1863 [P2P SSID processing vulnerability]
 	RESERVED
 	- wpa <unfixed>
-	- wpasupplicant <removed>
+	- wpasupplicant <not-affected> (Vulnerable code present since v1.0)
 	NOTE: http://w1.fi/security/2015-1/
-	NOTE: WiFi P2P disabled in wheezy
+	NOTE: Vulnerable are v1.0-v2.4 with CONFIG_P2P build option enabled
+	NOTE: WiFi P2P is disabled in wheezy
+	NOTE: CONFIG_P2P enabled since 1.1-1 in debian/config/wpasupplicant/linux
 CVE-2015-1862
 	RESERVED
 	NOT-FOR-US: abrt is Red Hat / Fedora specific