either patch 2.3 or update to 2.5 Reproducible: Steps to Reproduce:
Already dealt with a long time ago. The security issues are (build time) configuration-dependent. Only one of the issues affected us and only in hostapd. *** This bug has been marked as a duplicate of bug 15876 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE
Ah, indeed... thanks for pointing that out :) I got confused by the date in the wpa_supplicant Changelog: http://w1.fi/cgit/hostap/tree/wpa_supplicant/ChangeLog Oh well ... a few issues less to worry about...
Yeah, you gotta love it. Some upstreams and some users criticize distributions for their packages being a mess of patches, but you get upstreams that fix security issues and then don't release new versions with the fixes for 5 months...so you can't rely on just updating to the newest versions. I think the Linux Foundation is trying to push projects to actually maintain a stable branch. It'd be nice if that happens.