Incoming details
Details here: https://www.krackattacks.com/ Both hostapd and wpa_supplicant are affected. Upstream has published patches: https://w1.fi/security/2017-1/
See tracker bug 634440 for more details.
The patches for this seem to break 802.11r/FT for me. As no one has ever asked for that feature, nor reported a bug on it, I think that's okay. I added it for me, and I'm breaking it for me. I'll cry alone. Ebuild is in the tree, intentionally holding for a test period before stabilizing.
cc: arches which I didn't stable
*** Bug 634418 has been marked as a duplicate of this bug. ***
*** Bug 619058 has been marked as a duplicate of this bug. ***
ppc/ppc64 stable
arm stable, all arches done.
Thank you arches. @ Maintainer(s): Please remove the vulnerable version from tree.
Vulnerable removed, thanks
GLSA Vote: Yes! New GLSA request filed.
This issue was resolved and addressed in GLSA 201711-03 at https://security.gentoo.org/glsa/201711-03 by GLSA coordinator Aaron Bauman (b-man).