There is a warning (german only) about wpasupplicant being vulnerable ***if*** compiled with Build-Option CONFIG_P2P .
Does anyone have a clue how to find out whether or not this is the case with the current Debian version
apt-cache policy wpasupplicant
wpasupplicant:
Installiert: 2.3-1
Until there is a new version, you (1) may patch and recompile your own package using Debian sources or you (2) may disable "p2p_disabled" in your wpa_supplicant.conf by setting it to "1". (Debian name may be slighly differnet).
As this is related to security I think it is ok to post it here in this section.
EDIT:
On my system I found only "/etc/dbus-1/system.d/wpa_supplicant.conf" without any reference to "p2p_disabled".
So this warning may be unnecessary .