Patch for KRACK (CVE-2017-13077)

Aaron LI aly at aaronly.me
Tue Oct 9 21:23:36 PDT 2018


On Tue, 9 Oct 2018 20:29:41 +0800
Ridwan Shariffdeen <rshariffdeen at gmail.com> wrote:

Hi Shariffdeen

> I noticed the wpa_supplicant code in (
> https://github.com/DragonFlyBSD/DragonFlyBSD/tree/master/contrib/wpa_supplicant)
> is not updated for the last 4 years.
> 
> There was a recent disclosure of bugs in wpa standard (
> https://www.krackattacks.com/)
> 
> I am wondering if the patches are merged or this is not a valid bug for
> DragonFlyBSD?
> Please help me clarify.

Thanks for referring to the security bug in dfly's base wpa_supplicant.
Yes, the base wpa_supplicant hasn't been updated for years, and its startup
script will print a warning suggesting that users should install the latest
wpa_supplicant from dports/packages.

Nevertheless, one developer may take time to upgrade the wpa_supplicant in
base.


Cheers,
-- 
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20181010/da89ba94/attachment-0005.bin>


More information about the Users mailing list