releases vulnerable to KRACK

Antoine Beaupré anarcat at
Thu Oct 26 09:46:40 PDT 2017


I'm working on LTS security support for Debian and the version there is
based on the 1.0 release. I have backported the patchset here:

But it just occured to me that 1.0 might not be vulnerable at all. Is
there documentation on which releases of the wpa code are vulnerable to
the various CVEs?

A quick review of the patchset would of course be hugely appreciated.


The survival of humans and other species on planet Earth in my view can
only be guaranteed via a timely transition towards a stationary
state, a world economy without growth.
                         - Peter Custers

More information about the Hostap mailing list