[Secure-testing-commits] r37649 - data/CVE

Tue Nov 10 18:33:17 UTC 2015

Author: carnil
Date: 2015-11-10 18:33:17 +0000 (Tue, 10 Nov 2015)
New Revision: 37649

Modified:
   data/CVE/list
Log:
Add CVE-2015-531{4,5}/wpa

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-11-10 18:29:52 UTC (rev 37648)
+++ data/CVE/list	2015-11-10 18:33:17 UTC (rev 37649)
@@ -7074,10 +7074,24 @@
 	RESERVED
 CVE-2015-5316
 	RESERVED
-CVE-2015-5315
+CVE-2015-5315 [wpa_supplicant: EAP-pwd missing last fragment length validation]
 	RESERVED
-CVE-2015-5314
+	- wpa <unfixed>
+	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
+	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
+	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
+	NOTE: http://w1.fi/security/2015-7/
+	NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
+	NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
+CVE-2015-5314 [hostapd: EAP-pwd missing last fragment length validation]
 	RESERVED
+	- wpa <unfixed>
+	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
+	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
+	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
+	NOTE: http://w1.fi/security/2015-7/
+	NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
+	NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
 CVE-2015-5313
 	RESERVED
 CVE-2015-5312


