[Secure-testing-commits] r37475 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Oct 31 10:54:48 UTC 2015 

Author: carnil
Date: 2015-10-31 10:54:48 +0000 (Sat, 31 Oct 2015)
New Revision: 37475

Modified:
   data/CVE/list
Log:
Update status for wpa on CVE-2015-414{4,5,6}

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-31 09:49:38 UTC (rev 37474)
+++ data/CVE/list	2015-10-31 10:54:48 UTC (rev 37475)
@@ -11491,6 +11491,8 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
 CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 ...)
 	- wpa <unfixed> (bug #787371)
+	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
+	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	NOTE: http://w1.fi/security/2015-4/
@@ -11499,6 +11501,8 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and ...)
 	- wpa <unfixed> (bug #787371)
+	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
+	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	NOTE: http://w1.fi/security/2015-4/
@@ -11508,6 +11512,8 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and ...)
 	- wpa <unfixed> (bug #787371)
+	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
+	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	NOTE: http://w1.fi/security/2015-4/

More information about the Secure-testing-commits mailing list