Author: carnil
Date: 2017-10-17 05:04:49 +0000 (Tue, 17 Oct 2017)
New Revision: 56772
Modified:
data/CVE/list
Log:
Add CVE-2017-13084 for wpa, but mark it as unimportant
Detailed explanation in upstream report and added to NOTE section.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-17 04:48:34 UTC (rev 56771)
+++ data/CVE/list 2017-10-17 05:04:49 UTC (rev 56772)
@@ -6022,6 +6022,14 @@
RESERVED
CVE-2017-13084
RESERVED
+ - wpa <unfixed> (unimportant)
+ NOTE: From
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
+ NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK
key in
+ NOTE: the PeerKey handshake) is concerned, it should be noted that
PeerKey
+ NOTE: implementation in wpa_supplicant is not fully functional and the
actual
+ NOTE: installation of the key into the driver does not work. As such,
this
+ NOTE: item is not applicable in practice. Furthermore, the PeerKey
handshake
+ NOTE: for IEEE 802.11e DLS is obsolete and not known to have been
deployed.
CVE-2017-13083
RESERVED
CVE-2017-13082
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
