[Secure-testing-commits] r37505 - data/CVE

Mon Nov 2 12:30:24 UTC 2015

Author: carnil
Date: 2015-11-02 12:30:24 +0000 (Mon, 02 Nov 2015)
New Revision: 37505

Modified:
   data/CVE/list
Log:
Add fixed version for wpa issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-11-02 11:53:32 UTC (rev 37504)
+++ data/CVE/list	2015-11-02 12:30:24 UTC (rev 37505)
@@ -6678,7 +6678,7 @@
 CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
 	NOT-FOR-US: GE Healthcare Centricity Analytics Server
 CVE-2015-XXXX [Incomplete WPS and P2P NFC NDEF record payload length validation]
-	- wpa <unfixed> (bug #795740)
+	- wpa 2.3-2.2 (bug #795740)
 	- wpasupplicant <removed>
 	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
 	- hostapd <removed>
@@ -11516,7 +11516,7 @@
 	NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
 CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 ...)
-	- wpa <unfixed> (bug #787371)
+	- wpa 2.3-2.2 (bug #787371)
 	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
 	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -11526,7 +11526,7 @@
 	NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and ...)
-	- wpa <unfixed> (bug #787371)
+	- wpa 2.3-2.2 (bug #787371)
 	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
 	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -11537,7 +11537,7 @@
 	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and ...)
-	- wpa <unfixed> (bug #787371)
+	- wpa 2.3-2.2 (bug #787371)
 	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
 	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -11548,7 +11548,7 @@
 	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and ...)
-	- wpa <unfixed> (bug #787371)
+	- wpa 2.3-2.2 (bug #787371)
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	NOTE: http://w1.fi/security/2015-4/
@@ -11558,7 +11558,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 ...)
 	{DLA-260-1}
-	- wpa <unfixed> (bug #787373)
+	- wpa 2.3-2.2 (bug #787373)
 	- wpasupplicant <removed>
 	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with specific configurations)
 	- hostapd <removed>
@@ -11566,7 +11566,7 @@
 	NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
 CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and ...)
-	- wpa <unfixed> (bug #787372)
+	- wpa 2.3-2.2 (bug #787372)
 	- wpasupplicant <removed> (unimportant)
 	[squeeze] - wpasupplicant <not-affected> (Affects v0.7.0-v2.4 with CONFIG_WPS_ER=y in the build configuration)
 	- hostapd <removed>


