Summary: | security/vuxml: Document multiple security vulnerabilities in hostapd | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Craig Leres <leres> | ||||
Component: | Individual Port(s) | Assignee: | Mark Felder <feld> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | feld | ||||
Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(ports-secteam) |
||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
I just submitted PR 217907 which upgrades hostapd to 2.6 and solves the vulnerabilities listed in this PR. A commit references this bug: Author: feld Date: Tue Mar 28 23:19:48 UTC 2017 New revision: 437174 URL: https://svnweb.freebsd.org/changeset/ports/437174 Log: Document hostapd vulnerabilities PR: 217906 Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: junovitch Date: Thu Mar 30 01:47:42 UTC 2017 New revision: 437264 URL: https://svnweb.freebsd.org/changeset/ports/437264 Log: Actually, let's refer to the original entries for these hostapd CVEs Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5 PR: 217906 Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html Changes: head/security/vuxml/vuln.xml |
Created attachment 180949 [details] patch Document multiple vulnerabilities fixed in hostapd 2.6. Document CVE-2015-5314 and CVE-2016-4476 affecting hostapd versions prior to 2.6.