Date: Thu, 09 Jul 2015 02:43:56 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 201432] security/wpa_supplicant: Patch for WPS_NFC option security advisory (2015-5) Message-ID: <bug-201432-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201432 Bug ID: 201432 Summary: security/wpa_supplicant: Patch for WPS_NFC option security advisory (2015-5) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: marino@FreeBSD.org Reporter: jason.unovitch@gmail.com Flags: maintainer-feedback?(marino@FreeBSD.org) Assignee: marino@FreeBSD.org Created attachment 158552 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=158552&action=edit wpa_supplicant-2.4_4.diff Good day. Upstream announced today on the oss-security mailing list a vulnerability with the WPS_NFC option. The option is off by default however patch attached to resolve it for anyone using the option. References: http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201432-13>