[Secure-testing-commits] r37647 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-11-10 18:28:34 +0000 (Tue, 10 Nov 2015)
New Revision: 37647

Modified:
   data/CVE/list
Log:
Add CVE-2015-5310/wpa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-10 17:01:40 UTC (rev 37646)
+++ data/CVE/list	2015-11-10 18:28:34 UTC (rev 37647)
@@ -7090,8 +7090,14 @@
 	[squeeze] - pdns <not-affected> (Only 3.4.4 and later affected)
 	- pdns-recursor <not-affected> (recursor not affected)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3
-CVE-2015-5310
+CVE-2015-5310 [wpa_supplicant unauthorized WNM Sleep Mode GTK control]
 	RESERVED
+	- wpa <unfixed>
+	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
+	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
+	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
+	NOTE: http://w1.fi/security/2015-6/
+	NOTE: https://w1.fi/security/2015-6/0001-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
 CVE-2015-5309 [memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence]
 	RESERVED
 	- putty 0.66-1