Bug 217906

Summary: security/vuxml: Document multiple security vulnerabilities in hostapd
Product: Ports & Packages
Reporter: Craig Leres <leres>
Component: Individual Port(s)
Assignee: Mark Felder <feld>
Status: Closed FIXED
Severity: Affects Only Me
CC: feld
Priority: ---
Flags: bugzilla: maintainer-feedback? (ports-secteam)
Version: Latest
Hardware: Any
OS: Any
Attachments:
  Description: patch
  Flags: none

Description Craig Leres freebsd_committer freebsd_triage 2017-03-19 01:16:45 UTC
Created attachment 180949
patch

Document multiple vulnerabilities fixed in hostapd 2.6.

Document CVE-2015-5314 and CVE-2016-4476 affecting hostapd versions prior to 2.6.

Comment 1 Craig Leres freebsd_committer freebsd_triage 2017-03-19 01:30:02 UTC
I just submitted PR 217907 which upgrades hostapd to 2.6 and solves the vulnerabilities listed in this PR.

Comment 2 commit-hook freebsd_committer freebsd_triage 2017-03-29 19:15:27 UTC
A commit references this bug:

Author: feld
Date: Tue Mar 28 23:19:48 UTC 2017
New revision: 437174
URL: https://svnweb.freebsd.org/changeset/ports/437174

Log:
  Document hostapd vulnerabilities

  PR:		217906

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer freebsd_triage 2017-03-30 01:48:12 UTC
A commit references this bug:

Author: junovitch
Date: Thu Mar 30 01:47:42 UTC 2017
New revision: 437264
URL: https://svnweb.freebsd.org/changeset/ports/437264

Log:
  Actually, let's refer to the original entries for these hostapd CVEs

  Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled

  CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5

  PR:		217906
  Security:	https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml