** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **
Anders Kaseorg discovered that ndiswrapper did not correctly handle
long ESSIDs. If ndiswrapper is in use, a physically near-by attacker
could generate specially crafted wireless network traffic and crash
the system, leading to a denial of service.
Piotr, please prepare an updated ebuild applying the patch and attach it to this bug. We will do prestable testing here. Do not commit anything to CVS.
Created attachment 167023 [details, diff]
Created attachment 167029 [details]
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords : "x86"
CC'ing current Liaisons:
x86 : maekke, armin76
looks good on x86
This is now public via:
Please commit to CVS with the stable keyword gathered in this bug.
Please don't close security bugs right after your part of the work is done, the security team's is not done necessarily. :)
Time for GLSA vote.
Note that the Ubuntu advisory  talks about "arbitrary code [execution] with root privileges", so maybe we need to reclassify this.
CVE does so, too. Filed a request
GLSA 200901-01, sorry for delay.