688726 – net-wireless/hostapd-2.8 stablereq (security)

Bug 688726 - net-wireless/hostapd-2.8 stablereq (security)

Summary: net-wireless/hostapd-2.8 stablereq (security)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Stabilization (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Andriy Utkin (RETIRED)

URL:	http://w1.fi/security/2019-5/eap-pwd-...
Whiteboard:
Keywords:	STABLEREQ

Depends on:
Blocks:	688588
	Show dependency tree

Reported:	2019-06-25 22:18 UTC by Andriy Utkin (RETIRED)
Modified:	2019-08-11 01:02 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	net-wireless/hostapd-2.8
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andriy Utkin (RETIRED) gentoo-dev

2019-06-25 22:18:34 UTC

Hi,

hostapd 2.8 release has been issued soon after CVE-2019-11555 fix has been implemented.

Upstream security advisory: http://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Unfortunately I haven't followed hostapd release announcements so it's been sitting unpackaged for two months. Just recently a verbump request https://bugs.gentoo.org/688588 was raised. One day ago I have added the new version to the tree.

This timeline actually gives me some hope that the 2.8 release is pretty good for stabilization, as there were no corrective minor releases since then.

Comment 1 Agostino Sarubbo gentoo-dev

2019-06-26 08:32:45 UTC

amd64 stable

Comment 2 Agostino Sarubbo gentoo-dev

2019-06-26 09:44:43 UTC

x86 stable

Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev

2019-06-27 07:40:09 UTC

ppc stable

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2019-07-22 16:30:40 UTC

arm64 stable

Comment 5 Mikle Kolyada (RETIRED) archtester

2019-07-28 13:47:22 UTC

arm stable