[Git][security-tracker-team/security-tracker][master] new wpa issue

Moritz Muehlenhoff jmm at debian.org
Wed Aug 7 11:24:08 BST 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f5591a9 by Moritz Muehlenhoff at 2019-08-07T10:23:21Z
new wpa issue
brandy unimportant (as a source package, not the drink!)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -148,18 +148,21 @@ CVE-2015-9292
 CVE-2019-14666
 	RESERVED
 CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
-	- brandy <unfixed> (bug #933996)
+	- brandy <unfixed> (unimportant; bug #933996)
 	NOTE: https://sourceforge.net/p/brandy/bugs/8/
+	NOTE: Negligible security impact
 CVE-2019-14664 (In Enigmail below 2.1, an attacker in possession of PGP encrypted emai ...)
 	- enigmail <unfixed>
 	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
 	NOTE: https://sourceforge.net/p/enigmail/bugs/984/
 CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...)
-	- brandy <unfixed> (bug #933996)
+	- brandy <unfixed> (unimportant; bug #933996)
 	NOTE: https://sourceforge.net/p/brandy/bugs/6/
+	NOTE: Negligible security impact
 CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...)
-	- brandy <unfixed> (bug #933996)
+	- brandy <unfixed> (unimportant; bug #933996)
 	NOTE: https://sourceforge.net/p/brandy/bugs/7/
+	NOTE: Negligible security impact
 CVE-2018-20960
 	RESERVED
 CVE-2018-20959
@@ -4764,6 +4767,15 @@ CVE-2019-13378
 	RESERVED
 CVE-2019-13377
 	RESERVED
+	- wpa <unfixed>
+	[stretch] - wpa <not-affected> (Introduced in 2.5)
+	[jessie] - wpa <not-affected> (Introduced in 2.5)
+	NOTE: https://wpa3.mathyvanhoef.com/#new
+	NOTE: https://w1.fi/cgit/hostap/commit/?id=8ad8585f91823ddcc3728155e288e0f9f872e31a
+	NOTE: https://w1.fi/cgit/hostap/commit/?id=70ff850e89fbc8bc7da515321b4d15b5eef70581
+	NOTE: https://w1.fi/cgit/hostap/commit/?id=d63edfa90243e9a7de6ae5c275032f2cc79fef95
+	NOTE: Added in v2.5: https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog:
+	NOTE:  "added support for Brainpool Elliptic Curves with SAE"
 CVE-2019-13376
 	RESERVED
 CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f5591a99c49f95d6e2a91d4acea22357847c533

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f5591a99c49f95d6e2a91d4acea22357847c533
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190807/48efdb81/attachment.html>

More information about the debian-security-tracker-commits mailing list