Hi, I'm working on LTS security support for Debian and the version there is based on the 1.0 release. I have backported the patchset here: https://lists.debian.org/87k1zlbfbe.fsf@xxxxxxxxxxxxxx But it just occured to me that 1.0 might not be vulnerable at all. Is there documentation on which releases of the wpa code are vulnerable to the various CVEs? A quick review of the patchset would of course be hugely appreciated. A. -- The survival of humans and other species on planet Earth in my view can only be guaranteed via a timely transition towards a stationary state, a world economy without growth. - Peter Custers _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap