[Secure-testing-commits] r37650 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Nov 10 18:35:21 UTC 2015


Author: carnil
Date: 2015-11-10 18:35:21 +0000 (Tue, 10 Nov 2015)
New Revision: 37650

Modified:
   data/CVE/list
Log:
Add CVE-2015-5316/wpa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-10 18:33:17 UTC (rev 37649)
+++ data/CVE/list	2015-11-10 18:35:21 UTC (rev 37650)
@@ -7072,8 +7072,15 @@
 	RESERVED
 CVE-2015-5317
 	RESERVED
-CVE-2015-5316
+CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message]
 	RESERVED
+	- wpa <unfixed>
+	[wheezy] - wpa <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
+	- wpasupplicant <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
+	- hostapd <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
+	NOTE: http://w1.fi/security/2015-8/
+	NOTE: https://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt
+	NOTE: https://w1.fi/security/2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
 CVE-2015-5315 [wpa_supplicant: EAP-pwd missing last fragment length validation]
 	RESERVED
 	- wpa <unfixed>




More information about the Secure-testing-commits mailing list