[Secure-testing-commits] r34153 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun May 10 04:53:33 UTC 2015


Author: carnil
Date: 2015-05-10 04:53:33 +0000 (Sun, 10 May 2015)
New Revision: 34153

Modified:
   data/CVE/list
Log:
Add three new issues fo wpa/wpasupplicant/hostapd

NOTE: for now only added temporary items to tracker and left TODO. There
are different set of affected versions for the new issues, which need to
be checked and updated.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-09 21:10:17 UTC (rev 34152)
+++ data/CVE/list	2015-05-10 04:53:33 UTC (rev 34153)
@@ -1,3 +1,27 @@
+CVE-2015-XXXX [EAP-pwd missing payload length validation]
+	- wpa <unfixed>
+	- wpasupplicant <removed>
+	- hostapd <removed>
+	NOTE: http://w1.fi/security/2015-4/
+	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/07/5
+	TODO: check
+CVE-2015-XXXX [Integer underflow in AP mode WMM Action frame processing]
+	- wpa <unfixed>
+	- wpasupplicant <removed>
+	- hostapd <removed>
+	NOTE: http://w1.fi/security/2015-3/
+	NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/5
+	TODO: check
+CVE-2015-XXXX [WPS UPnP vulnerability with HTTP chunked transfer encoding]
+	- wpa <unfixed>
+	- wpasupplicant <removed>
+	- hostapd <removed>
+	NOTE: http://w1.fi/security/2015-2/
+	NOTE: http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/4
+	TODO: check
 CVE-2015-XXXX [incorrect parsing of from header when assigning pgp keys]
 	- semi 1.14.7~0.20120428-17 (bug #784712)
 	[squeeze] - semi <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list