Created attachment 174892 [details]
Update to 2.5. Upstream changes:
- fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
- fixed WMM Action frame parser
- fixed EAP-pwd server missing payload length validation
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145)
- fixed validation of WPS and P2P NFC NDEF record payload length
Important: Please delete these obsolete patch files:
Created attachment 174893 [details]
poudriere build log (10.3-RELEASE)
You patch works fine, but since it fixes security vulnerabilities you should also update the vuxml file.
Documentation about this can be found here:
Are you able to attach a further patch for the vuxml file I can review and commit together with these fixes?
If not I will do that but I will need some more time.
Now had time to look at vuxml and found out the entries are already there, so I'm committing this soon.
Sorry for the delay!
A commit references this bug:
Date: Fri Sep 23 18:20:11 UTC 2016
New revision: 422688
Update to 2.5
Submitted by: leres at ee.lbl.gov (maintainer)