Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 688726 - net-wireless/hostapd-2.8 stablereq (security)
Summary: net-wireless/hostapd-2.8 stablereq (security)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Andriy Utkin
URL: http://w1.fi/security/2019-5/eap-pwd-...
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks: 688588
  Show dependency tree
 
Reported: 2019-06-25 22:18 UTC by Andriy Utkin
Modified: 2019-08-11 01:02 UTC (History)
1 user (show)

See Also:
Package list:
net-wireless/hostapd-2.8
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andriy Utkin gentoo-dev 2019-06-25 22:18:34 UTC
Hi,

hostapd 2.8 release has been issued soon after CVE-2019-11555 fix has been implemented.

Upstream security advisory: http://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Unfortunately I haven't followed hostapd release announcements so it's been sitting unpackaged for two months. Just recently a verbump request https://bugs.gentoo.org/688588 was raised. One day ago I have added the new version to the tree.

This timeline actually gives me some hope that the 2.8 release is pretty good for stabilization, as there were no corrective minor releases since then.
Comment 1 Agostino Sarubbo gentoo-dev 2019-06-26 08:32:45 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2019-06-26 09:44:43 UTC
x86 stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2019-06-27 07:40:09 UTC
ppc stable
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-07-22 16:30:40 UTC
arm64 stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-07-28 13:47:22 UTC
arm stable