Bug 16953

Summary: hostapd/wpa_supplicant security issues: CVE-2015-414[1-5]
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: Thomas Backlund <tmb>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: wpa_supplicant, hostapd CVE:
Status comment:

Description Thomas Backlund 2015-10-13 13:45:34 CEST 
either patch 2.3 or update to 2.5

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-10-13 14:10:09 CEST 
Already dealt with a long time ago.  The security issues are (build time) configuration-dependent.  Only one of the issues affected us and only in hostapd.

*** This bug has been marked as a duplicate of bug 15876 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Comment 2 Thomas Backlund 2015-10-13 14:47:11 CEST 
Ah, indeed... thanks for pointing that out :)

I got confused by the date in the wpa_supplicant Changelog:
http://w1.fi/cgit/hostap/tree/wpa_supplicant/ChangeLog

Oh well ... a few issues less to worry about...
Comment 3 David Walser 2015-10-13 14:57:11 CEST 
Yeah, you gotta love it.  Some upstreams and some users criticize distributions for their packages being a mess of patches, but you get upstreams that fix security issues and then don't release new versions with the fixes for 5 months...so you can't rely on just updating to the newest versions.  I think the Linux Foundation is trying to push projects to actually maintain a stable branch.  It'd be nice if that happens.