From owner-freebsd-security@freebsd.org  Mon Oct 16 15:36:47 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 119ADE3D469;
 Mon, 16 Oct 2017 15:36:47 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from host64.shmhost.net (host64.shmhost.net
 [IPv6:2a01:4f8:a0:51d7::103:2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CCE4284EC5;
 Mon, 16 Oct 2017 15:36:46 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from [IPv6:2a02:8106:22a:4b02:a42b:20d9:659f:eccd] (unknown
 [IPv6:2a02:8106:22a:4b02:a42b:20d9:659f:eccd])
 by host64.shmhost.net (Postfix) with ESMTPSA id 07560162A01;
 Mon, 16 Oct 2017 17:36:34 +0200 (CEST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: =?utf-8?Q?Re=3A_WPA2_vulnerabilities_=E2=80=94_is_FreeBSD-as-AP_a?=
 =?utf-8?Q?ffected=3F?=
From: Franco Fichtner <franco@lastsummer.de>
In-Reply-To: <59E4A024.6070708@quip.cz>
Date: Mon, 16 Oct 2017 17:36:31 +0200
Cc: lev@FreeBSD.org, freebsd-security <freebsd-security@freebsd.org>,
 freebsd-wireless <freebsd-wireless@freebsd.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D45CE63F-7719-40E4-9742-9ABF36945744@lastsummer.de>
References: <3bcef903-4d27-b49f-81aa-9e055e22efa5@FreeBSD.org>
 <59E4A024.6070708@quip.cz>
To: Miroslav Lachman <000.fbsd@quip.cz>
X-Mailer: Apple Mail (2.3273)
X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net
X-Virus-Status: Clean
X-Spam-Flag: NO
X-Spam-Score: -1.0
X-Spam-Status: No score=-1.0 tagged_above=10.0 required=10.0
 tests=[ALL_TRUSTED]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 15:36:47 -0000


> On 16. Oct 2017, at 2:03 PM, Miroslav Lachman <000.fbsd@quip.cz> =
wrote:
>=20
> Lev Serebryakov wrote on 10/16/2017 13:56:
>>=20
>>  There are whole lot of new vulnerabilities in WPA2 =
[implementations?]:
>> CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
>> CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086,
>> CVE-2017-13087, CVE-2017-13088.
>>=20
>>  Does anybody know, is FreeBSD (our WiFi stack + hostapd /
>> wpa_supplicant) affected?
>=20
> Yes. it is discussed at current@ with patch
> =
https://lists.freebsd.org/pipermail/freebsd-current/2017-October/067193.ht=
ml

Did CERT/CC while extending the deadline forget to inform FreeBSD if it
was not informed already?  I am not sure why patches are thrown around
on a mailing list after such an extensive embargo period.


Cheers,
Franco=