Bug 16953 - hostapd/wpa_supplicant security issues: CVE-2015-414[1-5]
Summary: hostapd/wpa_supplicant security issues: CVE-2015-414[1-5]
Status: RESOLVED DUPLICATE of bug 15876
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Thomas Backlund
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-13 13:45 CEST by Thomas Backlund
Modified: 2015-10-13 14:57 CEST (History)
0 users

See Also:
Source RPM: wpa_supplicant, hostapd
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2015-10-13 13:45:34 CEST 
either patch 2.3 or update to 2.5

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-10-13 14:10:09 CEST 
Already dealt with a long time ago.  The security issues are (build time) configuration-dependent.  Only one of the issues affected us and only in hostapd.

*** This bug has been marked as a duplicate of bug 15876 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Comment 2 Thomas Backlund 2015-10-13 14:47:11 CEST 
Ah, indeed... thanks for pointing that out :)

I got confused by the date in the wpa_supplicant Changelog:
http://w1.fi/cgit/hostap/tree/wpa_supplicant/ChangeLog

Oh well ... a few issues less to worry about...
Comment 3 David Walser 2015-10-13 14:57:11 CEST 
Yeah, you gotta love it.  Some upstreams and some users criticize distributions for their packages being a mess of patches, but you get upstreams that fix security issues and then don't release new versions with the fixes for 5 months...so you can't rely on just updating to the newest versions.  I think the Linux Foundation is trying to push projects to actually maintain a stable branch.  It'd be nice if that happens.
Note You need to log in before you can comment on or make changes to this bug.