[Secure-testing-commits] r56772 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Oct 17 05:04:49 UTC 2017
Author: carnil
Date: 2017-10-17 05:04:49 +0000 (Tue, 17 Oct 2017)
New Revision: 56772
Modified:
data/CVE/list
Log:
Add CVE-2017-13084 for wpa, but mark it as unimportant
Detailed explanation in upstream report and added to NOTE section.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-17 04:48:34 UTC (rev 56771)
+++ data/CVE/list 2017-10-17 05:04:49 UTC (rev 56772)
@@ -6022,6 +6022,14 @@
RESERVED
CVE-2017-13084
RESERVED
+ - wpa <unfixed> (unimportant)
+ NOTE: From https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
+ NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK key in
+ NOTE: the PeerKey handshake) is concerned, it should be noted that PeerKey
+ NOTE: implementation in wpa_supplicant is not fully functional and the actual
+ NOTE: installation of the key into the driver does not work. As such, this
+ NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake
+ NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed.
CVE-2017-13083
RESERVED
CVE-2017-13082
More information about the Secure-testing-commits
mailing list