I noticed that the cm-11.0 branch of CyanogenMod contains patches for this vulnerability:
They can be applied to Replicant without any changes. They are also in the android_external_wpa_supplicant_8_ti repository. Is this repository actually needed in Replicant?
upstream patches for reference: https://w1.fi/security/2014-1/
Updated by My Self about 7 years ago
- File wpasupplicant_cve-2014-3686-reviewed.zip wpasupplicant_cve-2014-3686-reviewed.zip added
- Status changed from New to In Progress
- % Done changed from 0 to 90
Thanks a lot for providing that patchset!
I've merged them all to my local repo and successfully compiled/reflashed/tested Replicant 4.2 on my i9100.
I just tested the Replicant functionalities. I don't tested Wi-Fi itself!
I've attached your patchset again, with the suffix -reviewed. I just added my Tested-by line inside the patch-headers, but this doesn't matter; so of course your original patchset could be taken.
(The original source seems to be: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/772e12c)