Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 688726

Summary: net-wireless/hostapd-2.8 stablereq (security)
Product: Gentoo Linux Reporter: Andriy Utkin <andrey_utkin>
Component: StabilizationAssignee: Andriy Utkin <andrey_utkin>
Status: RESOLVED FIXED    
Severity: major CC: Manfred.Knick
Priority: High Keywords: STABLEREQ
Version: unspecifiedFlags: stable-bot: sanity-check+
Hardware: All   
OS: Linux   
URL: http://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
Whiteboard:
Package list:
net-wireless/hostapd-2.8
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 688588    

Description Andriy Utkin gentoo-dev 2019-06-25 22:18:34 UTC
Hi,

hostapd 2.8 release has been issued soon after CVE-2019-11555 fix has been implemented.

Upstream security advisory: http://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Unfortunately I haven't followed hostapd release announcements so it's been sitting unpackaged for two months. Just recently a verbump request https://bugs.gentoo.org/688588 was raised. One day ago I have added the new version to the tree.

This timeline actually gives me some hope that the 2.8 release is pretty good for stabilization, as there were no corrective minor releases since then.
Comment 1 Agostino Sarubbo gentoo-dev 2019-06-26 08:32:45 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2019-06-26 09:44:43 UTC
x86 stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2019-06-27 07:40:09 UTC
ppc stable
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-07-22 16:30:40 UTC
arm64 stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-07-28 13:47:22 UTC
arm stable