alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:53:25Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4231
libtasn1: invalid read (CVE-2015-3622)
2019-07-23T13:53:25Z
Alexander Belous

The \_asn1\_extract\_der\_octet function in lib/decoding.c in GNU
Libtasn1 before 4.5 allows remote attackers to cause a denial of service
(out-of-bounds heap read) via a crafted certificate.
References:
https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html
http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:232
http://www.securityfocus.com/bid/74419
http://www.securitytracker.com/id/1032246
http://seclists.org/oss-sec/2015/q2/318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
*(from redmine: issue id 4231, created on 2015-05-22, closed on 2015-06-11)*
* Relations:
* child #4232
* child #4233
* child #4234

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4230
[v3.1] mysql: man-in-the-middle (CVE-2015-3152)
2019-07-12T14:57:56Z
Alexander Belous

A vulnerability has been reported concerning the impossibility for MySQL
users (with any major stable version) to enforce an effective SSL/TLS
connection that would be immune from man-in-the-middle (MITM) attacks
performing a malicious downgrade.
While the issue has been addressed in MySQL preview release 5.7.3 in
December 2013, it is perceived that the majority of MySQL users are not
aware of this limitation and that the issue should be treated as a
vulnerability.
Affected version:
MySQL <= 5.7.2
References:
https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
https://mariadb.atlassian.net/browse/MDEV-7937
https://bugs.launchpad.net/percona-server/+bug/1447527
http://seclists.org/oss-sec/2015/q2/308
*(from redmine: issue id 4230, created on 2015-05-22, closed on 2017-09-05)*
* Relations:
* parent #4226

3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4229
[v3.0] mysql: man-in-the-middle (CVE-2015-3152)
2019-07-12T14:57:55Z
Alexander Belous

A vulnerability has been reported concerning the impossibility for MySQL
users (with any major stable version) to enforce an effective SSL/TLS
connection that would be immune from man-in-the-middle (MITM) attacks
performing a malicious downgrade.
While the issue has been addressed in MySQL preview release 5.7.3 in
December 2013, it is perceived that the majority of MySQL users are not
aware of this limitation and that the issue should be treated as a
vulnerability.
Affected version:
MySQL <= 5.7.2
References:
https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
https://mariadb.atlassian.net/browse/MDEV-7937
https://bugs.launchpad.net/percona-server/+bug/1447527
http://seclists.org/oss-sec/2015/q2/308
*(from redmine: issue id 4229, created on 2015-05-22, closed on 2017-09-05)*
* Relations:
* parent #4226

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4228
[v2.7] mysql: man-in-the-middle (CVE-2015-3152)
2019-07-12T14:57:55Z
Alexander Belous

A vulnerability has been reported concerning the impossibility for MySQL
users (with any major stable version) to enforce an effective SSL/TLS
connection that would be immune from man-in-the-middle (MITM) attacks
performing a malicious downgrade.
While the issue has been addressed in MySQL preview release 5.7.3 in
December 2013, it is perceived that the majority of MySQL users are not
aware of this limitation and that the issue should be treated as a
vulnerability.
Affected version:
MySQL <= 5.7.2
References:
https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
https://mariadb.atlassian.net/browse/MDEV-7937
https://bugs.launchpad.net/percona-server/+bug/1447527
http://seclists.org/oss-sec/2015/q2/308
*(from redmine: issue id 4228, created on 2015-05-22, closed on 2017-09-05)*
* Relations:
* parent #4226

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4227
[v2.6] mysql: man-in-the-middle (CVE-2015-3152)
2019-07-12T14:57:54Z
Alexander Belous

A vulnerability has been reported concerning the impossibility for MySQL
users (with any major stable version) to enforce an effective SSL/TLS
connection that would be immune from man-in-the-middle (MITM) attacks
performing a malicious downgrade.
While the issue has been addressed in MySQL preview release 5.7.3 in
December 2013, it is perceived that the majority of MySQL users are not
aware of this limitation and that the issue should be treated as a
vulnerability.
Affected version:
MySQL <= 5.7.2
References:
https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
https://mariadb.atlassian.net/browse/MDEV-7937
https://bugs.launchpad.net/percona-server/+bug/1447527
http://seclists.org/oss-sec/2015/q2/308
*(from redmine: issue id 4227, created on 2015-05-22, closed on 2017-09-05)*
* Relations:
* parent #4226

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4225
[v3.1] squid: man-in-the-middle (CVE-2015-3455)
2019-07-23T13:53:26Z
Alexander Belous

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and
3.5.x before 3.5.4, when configured with client-first SSL-bump, does not
properly validate the domain or hostname fields of X.509 certificates,
which allows man-in-the-middle attackers to spoof SSL servers via a
valid certificate.
http://seclists.org/oss-sec/2015/q2/316
CONFIRM: http://advisories.mageia.org/MGASA-2015-0191.html
CONFIRM: http://www.squid-cache.org/Advisories/SQUID-2015\_1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
http://www.securitytracker.com/id/1032221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455
*(from redmine: issue id 4225, created on 2015-05-22, closed on 2016-06-24)*
* Relations:
* parent #4221
* Changesets:
* Revision 5c624c72799e68baf0921cdaf801b695a456b208 by Natanael Copa on 2015-12-02T10:27:57Z:
```
main/squid: security upgrade to 3.4.14 (CVE-2015-3455,CVE-2015-5400)
fixes #4225
fixes #4708
```

3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4224
[v3.0] squid: man-in-the-middle (CVE-2015-3455)
2019-07-23T13:53:27Z
Alexander Belous

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and
3.5.x before 3.5.4, when configured with client-first SSL-bump, does not
properly validate the domain or hostname fields of X.509 certificates,
which allows man-in-the-middle attackers to spoof SSL servers via a
valid certificate.
http://seclists.org/oss-sec/2015/q2/316
CONFIRM: http://advisories.mageia.org/MGASA-2015-0191.html
CONFIRM: http://www.squid-cache.org/Advisories/SQUID-2015\_1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
http://www.securitytracker.com/id/1032221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455
*(from redmine: issue id 4224, created on 2015-05-22, closed on 2016-06-24)*
* Relations:
* parent #4221
* Changesets:
* Revision 844cad6bd89bcd5fa65dd0201200a6155bb46cc1 by Natanael Copa on 2015-12-02T10:39:49Z:
```
main/squid: security upgrade to 3.4.14 (CVE-2015-3455,CVE-2015-5400)
fixes #4224
fixes #4709
```

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4223
[v2.7] squid: man-in-the-middle (CVE-2015-3455)
2019-07-23T13:53:28Z
Alexander Belous

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and
3.5.x before 3.5.4, when configured with client-first SSL-bump, does not
properly validate the domain or hostname fields of X.509 certificates,
which allows man-in-the-middle attackers to spoof SSL servers via a
valid certificate.
http://seclists.org/oss-sec/2015/q2/316
CONFIRM: http://advisories.mageia.org/MGASA-2015-0191.html
CONFIRM: http://www.squid-cache.org/Advisories/SQUID-2015\_1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
http://www.securitytracker.com/id/1032221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455
*(from redmine: issue id 4223, created on 2015-05-22, closed on 2016-06-24)*
* Relations:
* parent #4221
* Changesets:
* Revision ce209043e34fbbbf0cff2ed7748e2033c9c9aabd by Natanael Copa on 2015-12-02T10:47:29Z:
```
main/squid: security upgrade to 3.3.14 (CVE-2015-3455)
fixes #4223
```

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4222
[v2.6] squid: man-in-the-middle (CVE-2015-3455)
2019-07-12T14:57:52Z
Alexander Belous

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and
3.5.x before 3.5.4, when configured with client-first SSL-bump, does not
properly validate the domain or hostname fields of X.509 certificates,
which allows man-in-the-middle attackers to spoof SSL servers via a
valid certificate.
http://seclists.org/oss-sec/2015/q2/316
CONFIRM: http://advisories.mageia.org/MGASA-2015-0191.html
CONFIRM: http://www.squid-cache.org/Advisories/SQUID-2015\_1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
http://www.securitytracker.com/id/1032221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455
*(from redmine: issue id 4222, created on 2015-05-22, closed on 2015-12-02)*
* Relations:
* parent #4221

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4221
squid: man-in-the-middle (CVE-2015-3455)
2019-07-23T13:53:29Z
Alexander Belous

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and
3.5.x before 3.5.4, when configured with client-first SSL-bump, does not
properly validate the domain or hostname fields of X.509 certificates,
which allows man-in-the-middle attackers to spoof SSL servers via a
valid certificate.
http://seclists.org/oss-sec/2015/q2/316
CONFIRM: http://advisories.mageia.org/MGASA-2015-0191.html
CONFIRM: http://www.squid-cache.org/Advisories/SQUID-2015\_1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
http://www.securitytracker.com/id/1032221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455
*(from redmine: issue id 4221, created on 2015-05-22, closed on 2016-06-24)*
* Relations:
* child #4222
* child #4223
* child #4224
* child #4225

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4220
[v3.0] quassel: remote SQL injection (CVE-2015-3427)
2019-07-12T14:57:51Z
Alexander Belous

Quassel before 0.12.2 does not properly re-initialize the database
session when the PostgreSQL database is restarted, which allows remote
attackers to conduct SQL injection attacks via a \\ (backslash) in a
message. NOTE: this vulnerability exists because of an incomplete fix
for CVE-2013-4422.
http://seclists.org/oss-sec/2015/q2/291
CONFIRM: http://www.quassel-irc.org/node/127
http://www.debian.org/security/2015/dsa-3258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3427
*(from redmine: issue id 4220, created on 2015-05-22, closed on 2017-09-05)*
* Relations:
* relates #4148
* parent #4218

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4219
[v2.7] quassel: remote SQL injection (CVE-2015-3427)
2019-07-12T14:57:51Z
Alexander Belous

Quassel before 0.12.2 does not properly re-initialize the database
session when the PostgreSQL database is restarted, which allows remote
attackers to conduct SQL injection attacks via a \\ (backslash) in a
message. NOTE: this vulnerability exists because of an incomplete fix
for CVE-2013-4422.
http://seclists.org/oss-sec/2015/q2/291
CONFIRM: http://www.quassel-irc.org/node/127
http://www.debian.org/security/2015/dsa-3258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3427
*(from redmine: issue id 4219, created on 2015-05-22, closed on 2017-09-05)*
* Relations:
* parent #4218

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4217
small bugs in packaging of tor
2019-07-23T13:53:30Z
Jean-Charles de Longueville

tor-0.2.6.7-r0 is now tor@testing
When running on stable with repository pinning, it does not work but if
one also adds libevent@edge
/var/lib/tor is not created
should have user “tor” as owner
and should be recreated at startup if needed in case of *run-from-ram*
“rc-service tor stop” does not stop the daemon
the service is marked as stopped but the daemon is still running in the
background
*tested in several instances both in KVM and LXC*
*(from redmine: issue id 4217, created on 2015-05-20, closed on 2015-12-09)*
* Changesets:
* Revision 2e9499059aa562faaa34380d892b5b122e65e305 on 2015-05-22T09:59:02Z:
```
testing/tor: fixes #4217
```

Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4216
Alpine Linux support for IBM ThinkPad T20
2019-07-23T13:53:31Z
Roderik H.

Alpine Linux does not have sound driver for notebook IBM ThinkPad T20…
*(from redmine: issue id 4216, created on 2015-05-19, closed on 2016-12-22)*

3.6.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4215
[package request] rust compiler with cargo package manager
2019-07-23T13:53:32Z
Vlad Frolov

Rust is a systems programming language that runs blazingly fast,
prevents nearly all segfaults, and guarantees thread safety.
http://www.rust-lang.org/
Cargo is a package manager for Rust: https://github.com/rust-lang/cargo
*(from redmine: issue id 4215, created on 2015-05-19, closed on 2015-12-06)*
* Relations:
* duplicates #3949

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4214
Package request: julia
2019-12-05T08:57:31Z
Vlad Frolov

Julia is a high-level, high-performance dynamic programming language for
technical computing, with syntax that is familiar to users of other
technical computing environments. It provides a sophisticated compiler,
distributed parallel execution, numerical accuracy, and an extensive
mathematical function library.
http://julialang.org
*(from redmine: issue id 4214, created on 2015-05-19)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4213
Package request: nim, nimble
2019-07-14T22:14:56Z
Vlad Frolov

Nim (formerly known as “Nimrod”) is a statically typed, imperative
programming language that tries to give the programmer ultimate power
without compromises on runtime efficiency. This means it focuses on
compile-time mechanisms in all their various forms.
http://nim-lang.org/
There is a Dockerfile based on alpine:3.1, so Nim and Nimble compile
against musl without issues:
https://github.com/coopernurse/docker-nim/blob/master/Dockerfile
*(from redmine: issue id 4213, created on 2015-05-19)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4212
[v3.1] wpa_supplicant: P2P SSID processing vulnerability (CVE-2015-1863)
2019-07-23T13:53:33Z
Alexander Belous

Heap-based buffer overflow in wpa\_supplicant 1.0 through 2.4 allows
remote attackers to cause a denial of service (crash), read memory, or
possibly execute arbitrary code via crafted SSID information in a
management frame when creating or updating P2P entries.
References:
PATCH: http://w1.fi/security/2015-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863
*(from redmine: issue id 4212, created on 2015-05-18, closed on 2015-05-22)*
* Relations:
* parent #4208
* Changesets:
* Revision 8a7f64e70c1e5c6217b9fd22398aa1bd7cb78e66 by Natanael Copa on 2015-05-19T13:55:10Z:
```
main/wpa_supplicant: security fix for CVE-2015-1863
fixes #4212
```

3.1.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4211
[v3.0] wpa_supplicant: P2P SSID processing vulnerability (CVE-2015-1863)
2019-07-23T13:53:34Z
Alexander Belous

Heap-based buffer overflow in wpa\_supplicant 1.0 through 2.4 allows
remote attackers to cause a denial of service (crash), read memory, or
possibly execute arbitrary code via crafted SSID information in a
management frame when creating or updating P2P entries.
References:
PATCH: http://w1.fi/security/2015-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863
*(from redmine: issue id 4211, created on 2015-05-18, closed on 2015-05-22)*
* Relations:
* parent #4208
* Changesets:
* Revision b92df58cbcca0791c5a3e471e29bed3b5746a44f by Natanael Copa on 2015-05-19T13:57:10Z:
```
main/wpa_supplicant: security fix for CVE-2015-1863
fixes #4211
```

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4210
[v2.7] wpa_supplicant: P2P SSID processing vulnerability (CVE-2015-1863)
2019-07-23T13:53:35Z
Alexander Belous

Heap-based buffer overflow in wpa\_supplicant 1.0 through 2.4 allows
remote attackers to cause a denial of service (crash), read memory, or
possibly execute arbitrary code via crafted SSID information in a
management frame when creating or updating P2P entries.
References:
PATCH: http://w1.fi/security/2015-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863
*(from redmine: issue id 4210, created on 2015-05-18, closed on 2015-05-22)*
* Relations:
* parent #4208
* Changesets:
* Revision f884e336d5348fdbdb34376627fb5f949dfc00e4 by Natanael Copa on 2015-05-19T14:35:08Z:
```
main/wpa_supplicant: security fix for CVE-2015-1863
fixes #4210
```

Alpine 2.7.10
Natanael Copa