From owner-svn-ports-all@FreeBSD.ORG Tue Jun 2 09:44:26 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 92AA0A8A; Tue, 2 Jun 2015 09:44:26 +0000 (UTC) (envelope-from marino@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 659B51F26; Tue, 2 Jun 2015 09:44:26 +0000 (UTC) (envelope-from marino@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t529iQWe002156; Tue, 2 Jun 2015 09:44:26 GMT (envelope-from marino@FreeBSD.org) Received: (from marino@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t529iQTx002155; Tue, 2 Jun 2015 09:44:26 GMT (envelope-from marino@FreeBSD.org) Message-Id: <201506020944.t529iQTx002155@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: marino set sender to marino@FreeBSD.org using -f From: John Marino Date: Tue, 2 Jun 2015 09:44:26 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r388313 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jun 2015 09:44:26 -0000 Author: marino Date: Tue Jun 2 09:44:25 2015 New Revision: 388313 URL: https://svnweb.freebsd.org/changeset/ports/388313 Log: security/vuxml: multiple vulnerabilities of wpa_supplicant and hostapd Security: CVE-2015-4141 Security: CVE-2015-4142 Security: CVE-2015-4143 Security: CVE-2015-4144 Security: CVE-2015-4145 Security: CVE-2015-4146 PR: 200568 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jun 2 09:35:23 2015 (r388312) +++ head/security/vuxml/vuln.xml Tue Jun 2 09:44:25 2015 (r388313) @@ -57,6 +57,53 @@ Notes: --> + + hostapd and wpa_supplicant -- multiple vulnerabilities + + + hostapd + 2.4_1 + + + wpa_supplicant + 2.4_3 + + + + +

Jouni Malinen reports:

+
+

WPS UPnP vulnerability with HTTP chunked transfer encoding. (2015-2 + - CVE-2015-4141)

+
+
+

Integer underflow in AP mode WMM Action frame processing. (2015-3 - + CVE-2015-4142)

+
+
+

EAP-pwd missing payload length validation. (2015-4 - CVE-2015-4143, + CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

+
+ +
+ + http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt + http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt + http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt + CVE-2015-4141 + CVE-2015-4142 + CVE-2015-4143 + CVE-2015-4144 + CVE-2015-4145 + CVE-2015-4146 + http://openwall.com/lists/oss-security/2015/05/31/6 + + + 2015-05-04 + 2015-06-01 + +
+ ffmpeg -- multiple vulnerabilities