lp:~awe/snappy-hwe-snaps/+git/wpa-supplicant

Author: Tony Espy
Author Date: 2019-07-02 14:26:18 UTC

  [ Tony Espy <espy@canonical.com> ]
  * applied CVE patches from deb versions 2.4-0ubuntu6.2 thru 0ubuntu6.5
    - https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11555.html
    - https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9495.html
    - https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9497.html
    - https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9498.html
    - https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9499.html
    - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10743.html
    - https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14526.html
    - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4476.html
    - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4477.html

   For more details see:
   Merge-Proposal: https://code.launchpad.net/~awe/snappy-hwe-snaps/+git/wpa-supplicant/+merge/369190

Author: Tony Espy
Author Date: 2019-06-21 20:41:31 UTC

EAP-pwd peer: Fix reassembly buffer handling

This patch was taken from the debian package 2.4-0ubuntu6.5.

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11555.html

From d2d1a324ce937628e4d9d9999fe113819b7d4478 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Wed, 17 Apr 2019 02:21:20 +0300
Subject: [PATCH 3/3] EAP-pwd peer: Fix reassembly buffer handling

Unexpected fragment might result in data->inbuf not being allocated
before processing and that could have resulted in NULL pointer
dereference. Fix that by explicitly checking for data->inbuf to be
available before using it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
 src/eap_peer/eap_pwd.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Author: System Enablement CI Bot
Author Date: 2017-10-16 17:44:30 UTC

Open development for 2.4.4-dev