CVE-2007-6025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6025): Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
As it seems, our current stable 0.5.7 might not be affected by this bug, but the ~arch ebuilds are. Patch is in $URL and is already committed upstream. Mobile, please advise.
(In reply to comment #1)
> As it seems, our current stable 0.5.7 might not be affected by this bug, but
> the ~arch ebuilds are.
> Patch is in $URL and is already committed upstream.
>
> Mobile, please advise.

*ping*
Version 0.6.1, which fixes the bug, has been released.
(In reply to comment #3)
> Version 0.6.1, which fixes the bug, has been released.

Thanks for the info. mobile herd, please bump so we can close this one.
*** Bug 201650 has been marked as a duplicate of this bug. ***
*wpa_supplicant-0.6.1 (08 Jan 2008)

  08 Jan 2008; Robert Buchholz <rbu@gentoo.org>
  -wpa_supplicant-0.6.0.ebuild, +wpa_supplicant-0.6.1.ebuild:
  Version bump by security for remote DoS vulnerability (CVE-2007-6025) in
  0.6.0 (bug #199828)