Author: carnil Date: 2017-10-17 05:04:49 +0000 (Tue, 17 Oct 2017) New Revision: 56772
Modified: data/CVE/list Log: Add CVE-2017-13084 for wpa, but mark it as unimportant Detailed explanation in upstream report and added to NOTE section. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-17 04:48:34 UTC (rev 56771) +++ data/CVE/list 2017-10-17 05:04:49 UTC (rev 56772) @@ -6022,6 +6022,14 @@ RESERVED CVE-2017-13084 RESERVED + - wpa <unfixed> (unimportant) + NOTE: From https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt + NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK key in + NOTE: the PeerKey handshake) is concerned, it should be noted that PeerKey + NOTE: implementation in wpa_supplicant is not fully functional and the actual + NOTE: installation of the key into the driver does not work. As such, this + NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake + NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed. CVE-2017-13083 RESERVED CVE-2017-13082 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits