Project

General

Profile

Issue #1401

CVE-2014-3686 wpa_supplicant

Added by Wolfgang Wiedmeyer about 6 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
High
Category:
Security
Target version:
Start date:
10/20/2015
Due date:
% Done:

90%

Estimated time:
Resolution:
wontfix
Device:
Grant:
Type of work:

Description

Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
I noticed that the cm-11.0 branch of CyanogenMod contains patches for this vulnerability:
https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/5ed77d870e563df8560a40478204be5ea9db33e9
https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/8e575d91534fd8ad98b06caec872a056c7f2737c
https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/b76a82e8f28a5c3f43958e0e1b3c26390725b040

They can be applied to Replicant without any changes. They are also in the android_external_wpa_supplicant_8_ti repository. Is this repository actually needed in Replicant?

upstream patches for reference: https://w1.fi/security/2014-1/


Files

wpasupplicant_cve-2014-3686.zip (3.58 KB) wpasupplicant_cve-2014-3686.zip patches Wolfgang Wiedmeyer, 10/20/2015 09:09 PM
wpasupplicant_cve-2014-3686-reviewed.zip (4.02 KB) wpasupplicant_cve-2014-3686-reviewed.zip My Self, 11/17/2015 11:07 PM

Also available in: Atom PDF