On Tue, Oct 16, 2007 at 12:37:31AM +0200, Nico Golde wrote: > Package: madwifi-source > Severity: grave > Tags: security patch > > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for madwifi-source. > > CVE-2007-5448[0]: > | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial > | of service (panic) via a beacon frame with a large length value in the > | extended supported rates (xrates) element, which triggers an assertion > | error, related to net80211/ieee80211_scan_ap.c and > | net80211/ieee80211_scan_sta.c. > > If you fix this vulnerability please also include the CVE id > in your changelog entry. > > This is fixed in upstream svn on: > http://madwifi.org/changeset/2736 > > For further information: > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448
Can you please upload a fixed package to stable? Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
