Upstream patches and advisories: CVE-2015-5310 -- http://w1.fi/security/2015-6/ CVE-2015-5315 -- http://w1.fi/security/2015-7/ CVE-2015-5316 -- http://w1.fi/security/2015-8/
Are you letting me know, or is there a patch in the works that you would like to see approved?
(In reply to John Marino from comment #1) I am just filing the report and am working on other things at the moment.
A commit references this bug: Author: marino Date: Mon Apr 18 21:05:28 UTC 2016 New revision: 413609 URL: https://svnweb.freebsd.org/changeset/ports/413609 Log: security/wpa_supplicant: patch 4 CVE security advisories These patches address the following: CVE-2015-5310 CVE-2015-5314 CVE-2015-5315 CVE-2015-5316 These patches were developed upstream and published as a response to the security advisories. PR: 208482 Requested by: Jason Unovitch Changes: head/security/wpa_supplicant/Makefile head/security/wpa_supplicant/files/patch-2015-6-backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-peer-Fix-last-fragment-length-validation head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-server-Fix-last-fragment-length-validation head/security/wpa_supplicant/files/patch-2015-8-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m
Thanks. If this requires any change to vuxml, you might want to go ahead and make those changes.
A commit references this bug: Author: junovitch Date: Tue Apr 19 00:36:18 UTC 2016 New revision: 413617 URL: https://svnweb.freebsd.org/changeset/ports/413617 Log: Document wpa_supplicant security advisories PR: 208482 Security: CVE-2015-5310 Security: CVE-2015-5315 Security: CVE-2015-5316 Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: junovitch Date: Tue Apr 19 00:38:25 UTC 2016 New revision: 413618 URL: https://svnweb.freebsd.org/changeset/ports/413618 Log: MFH: r413609 security/wpa_supplicant: patch 3 CVE security advisories These patches were developed upstream and published as a response to the security advisories. PR: 208482 Security: CVE-2015-5310 Security: CVE-2015-5315 Security: CVE-2015-5316 Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html Approved by: ports-secteam (with hat) Changes: _U branches/2016Q2/ branches/2016Q2/security/wpa_supplicant/Makefile branches/2016Q2/security/wpa_supplicant/files/patch-2015-6-backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame branches/2016Q2/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-peer-Fix-last-fragment-length-validation branches/2016Q2/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-server-Fix-last-fragment-length-validation branches/2016Q2/security/wpa_supplicant/files/patch-2015-8-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m
(In reply to John Marino from comment #4) Thanks John, CVE-2015-5314 was for hostapd so that didn't need any documentation or mention as we don't support the option needed for the port to be impacted.