[Git][security-tracker-team/security-tracker][master] 2 commits: wpa/CVE-2019-9494,CVE-2019-9496: ignore SAE-related vulnerabilities

Thu Apr 11 09:01:04 BST 2019


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27d69418 by Sylvain Beucler at 2019-04-11T08:00:16Z
wpa/CVE-2019-9494,CVE-2019-9496: ignore SAE-related vulnerabilities

- - - - -
6f93468a by Sylvain Beucler at 2019-04-11T08:00:43Z
dla: add wpa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4525,6 +4525,7 @@ CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP]
 	RESERVED
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	[stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
+	[jessie] - wpa <ignored> (SAE code not enabled for build in jessie)
 	NOTE: https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
 	NOTE: Patches: https://w1.fi/security/2019-3/
 	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
@@ -4537,6 +4538,7 @@ CVE-2019-9494 [cache attack against SAE]
 	RESERVED
 	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
 	[stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
+	[jessie] - wpa <ignored> (SAE code not enabled for build in jessie)
 	NOTE: https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
 	NOTE: Patches: https://w1.fi/security/2019-1/
 	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1


=====================================
data/dla-needed.txt
=====================================
@@ -119,5 +119,7 @@ wireshark (Hugo Lefeuvre)
 wordpress
   NOTE: 20190401: remaining one issue (CVE-2019-8943). Waiting for upstream patch (abhijith)
 --
+wpa
+--
 xen (worked on by credative)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/63d96f2091f61645a2da5aacc6f2384b3496159a...6f93468a37b4f7d74dab38b49aa80d6e56c092d7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/63d96f2091f61645a2da5aacc6f2384b3496159a...6f93468a37b4f7d74dab38b49aa80d6e56c092d7
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190411/dffa19e4/attachment-0001.html>
