[Secure-testing-commits] r34618 - data/CVE

Sun, 31 May 2015 13:18:01 -0700 

Author: carnil
Date: 2015-05-31 20:17:04 +0000 (Sun, 31 May 2015)
New Revision: 34618

Modified:
   data/CVE/list
Log:
Four more CVEs for wpa

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-05-31 18:43:31 UTC (rev 34617)
+++ data/CVE/list       2015-05-31 20:17:04 UTC (rev 34618)
@@ -1203,13 +1203,34 @@
        [jessie] - didjvu <no-dsa> (Minor issue)
        NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/05/09/7
-CVE-2015-XXXX [EAP-pwd missing payload length validation]
+CVE-2015-4146 [EAP-pwd missing payload length validation]
        - wpa <unfixed>
        - wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
        - hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
        NOTE: http://w1.fi/security/2015-4/
+       NOTE: 
http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+CVE-2015-4145 [EAP-pwd missing payload length validation]
+       - wpa <unfixed>
+       - wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
+       - hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
+       NOTE: http://w1.fi/security/2015-4/
+       NOTE: 
http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+       NOTE: 
http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+CVE-2015-4144 [EAP-pwd missing payload length validation]
+       - wpa <unfixed>
+       - wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
+       - hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
+       NOTE: http://w1.fi/security/2015-4/
+       NOTE: 
http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+       NOTE: 
http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+CVE-2015-4143 [EAP-pwd missing payload length validation]
+       - wpa <unfixed>
+       - wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
+       - hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
+       NOTE: http://w1.fi/security/2015-4/
        NOTE: 
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
-       NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/05/07/5
+       NOTE: 
http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+       NOTE: 
http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
 CVE-2015-4142 [Integer underflow in AP mode WMM Action frame processing]
        - wpa <unfixed>
        - wpasupplicant <removed>


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to