Bug 208482
| Summary: | security/wpa_supplicant: several upstream security advisories (CVE-2015-{5310,5315,5316}) | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Jason Unovitch <junovitch> |
| Component: | Individual Port(s) | Assignee: | John Marino <marino> |
| Status: | Closed FIXED | ||
| Severity: | Affects Some People | CC: | ports-secteam |
| Priority: | --- | Keywords: | needs-patch, needs-qa, security |
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(marino) junovitch: merge-quarterly? |
| Hardware: | Any | ||
| OS: | Any | ||
| URL: | http://w1.fi/security/ | ||
|
Description
Jason Unovitch
2016-04-03 12:54:07 UTC
Are you letting me know, or is there a patch in the works that you would like to see approved? (In reply to John Marino from comment #1) I am just filing the report and am working on other things at the moment. A commit references this bug: Author: marino Date: Mon Apr 18 21:05:28 UTC 2016 New revision: 413609 URL: https://svnweb.freebsd.org/changeset/ports/413609 Log: security/wpa_supplicant: patch 4 CVE security advisories These patches address the following: CVE-2015-5310 CVE-2015-5314 CVE-2015-5315 CVE-2015-5316 These patches were developed upstream and published as a response to the security advisories. PR: 208482 Requested by: Jason Unovitch Changes: head/security/wpa_supplicant/Makefile head/security/wpa_supplicant/files/patch-2015-6-backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-peer-Fix-last-fragment-length-validation head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-server-Fix-last-fragment-length-validation head/security/wpa_supplicant/files/patch-2015-8-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m Thanks. If this requires any change to vuxml, you might want to go ahead and make those changes. A commit references this bug: Author: junovitch Date: Tue Apr 19 00:36:18 UTC 2016 New revision: 413617 URL: https://svnweb.freebsd.org/changeset/ports/413617 Log: Document wpa_supplicant security advisories PR: 208482 Security: CVE-2015-5310 Security: CVE-2015-5315 Security: CVE-2015-5316 Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: junovitch Date: Tue Apr 19 00:38:25 UTC 2016 New revision: 413618 URL: https://svnweb.freebsd.org/changeset/ports/413618 Log: MFH: r413609 security/wpa_supplicant: patch 3 CVE security advisories These patches were developed upstream and published as a response to the security advisories. PR: 208482 Security: CVE-2015-5310 Security: CVE-2015-5315 Security: CVE-2015-5316 Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html Approved by: ports-secteam (with hat) Changes: _U branches/2016Q2/ branches/2016Q2/security/wpa_supplicant/Makefile branches/2016Q2/security/wpa_supplicant/files/patch-2015-6-backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame branches/2016Q2/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-peer-Fix-last-fragment-length-validation branches/2016Q2/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-server-Fix-last-fragment-length-validation branches/2016Q2/security/wpa_supplicant/files/patch-2015-8-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m (In reply to John Marino from comment #4) Thanks John, CVE-2015-5314 was for hostapd so that didn't need any documentation or mention as we don't support the option needed for the port to be impacted. |