Project

General

Profile

Issue #1401

CVE-2014-3686 wpa_supplicant

Added by Wolfgang Wiedmeyer about 6 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
High
Category:
Security
Target version:
Start date:
10/20/2015
Due date:
% Done:

90%

Estimated time:
Resolution:
wontfix
Device:
Grant:
Type of work:

Description

Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
I noticed that the cm-11.0 branch of CyanogenMod contains patches for this vulnerability:
https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/5ed77d870e563df8560a40478204be5ea9db33e9
https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/8e575d91534fd8ad98b06caec872a056c7f2737c
https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/b76a82e8f28a5c3f43958e0e1b3c26390725b040

They can be applied to Replicant without any changes. They are also in the android_external_wpa_supplicant_8_ti repository. Is this repository actually needed in Replicant?

upstream patches for reference: https://w1.fi/security/2014-1/


Files

wpasupplicant_cve-2014-3686.zip (3.58 KB) wpasupplicant_cve-2014-3686.zip patches Wolfgang Wiedmeyer, 10/20/2015 09:09 PM
wpasupplicant_cve-2014-3686-reviewed.zip (4.02 KB) wpasupplicant_cve-2014-3686-reviewed.zip My Self, 11/17/2015 11:07 PM
#1

Updated by Wolfgang Wiedmeyer about 6 years ago

Just saw that the gta04 needs the android_external_wpa_supplicant_8_ti repository, so the patches need to go in there, too.

#2

Updated by My Self almost 6 years ago

Thanks a lot for providing that patchset!

I've merged them all to my local repo and successfully compiled/reflashed/tested Replicant 4.2 on my i9100.
I just tested the Replicant functionalities. I don't tested Wi-Fi itself!

I've attached your patchset again, with the suffix -reviewed. I just added my Tested-by line inside the patch-headers, but this doesn't matter; so of course your original patchset could be taken.

(The original source seems to be: https://android.googlesource.com/platform/external/wpa_supplicant_8/+/772e12c)

#3

Updated by Denis 'GNUtoo' Carikli almost 6 years ago

  • Device Not device specific added
#4

Updated by Wolfgang Wiedmeyer over 4 years ago

  • Target version set to Replicant 4.2
  • Device added
  • Device deleted (Not device specific)
#5

Updated by Kurtis Hanna about 2 years ago

  • Status changed from In Progress to Closed
  • Resolution set to wontfix

This issue has been closed because Replicant 4.2 is no longer supported or maintained.

Also available in: Atom PDF