[Secure-testing-commits] r34158 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun May 10 05:59:06 UTC 2015


Author: carnil
Date: 2015-05-10 05:59:06 +0000 (Sun, 10 May 2015)
New Revision: 34158

Modified:
   data/CVE/list
Log:
Update information for EAP-pwd wpa issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-10 05:55:07 UTC (rev 34157)
+++ data/CVE/list	2015-05-10 05:59:06 UTC (rev 34158)
@@ -8,12 +8,11 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
 CVE-2015-XXXX [EAP-pwd missing payload length validation]
 	- wpa <unfixed>
-	- wpasupplicant <removed>
-	- hostapd <removed>
+	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
+	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	NOTE: http://w1.fi/security/2015-4/
 	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/07/5
-	TODO: check
 CVE-2015-XXXX [Integer underflow in AP mode WMM Action frame processing]
 	- wpa <unfixed>
 	- wpasupplicant <removed>




More information about the Secure-testing-commits mailing list