There is a warning (german only) (http://www.heise.de/newsticker/meldung/Schadcode-durch-WLAN-Pakete-2618115.html) about wpasupplicant being vulnerable ***if*** compiled with Build-Option CONFIG_P2P .
Does anyone have a clue how to find out whether or not this is the case with the current Debian version
Quoteapt-cache policy wpasupplicant
wpasupplicant:
Installiert: 2.3-1
Until there is a new version, you (1) may patch and recompile your own package using Debian sources or you (2) may disable "p2p_disabled" in your wpa_supplicant.conf by setting it to "1". (Debian name may be slighly differnet).
As this is related to security I think it is ok to post it here in this section.
EDIT:
On my system I found only "/etc/dbus-1/system.d/wpa_supplicant.conf" without any reference to "p2p_disabled".
So this warning may be unnecessary .
Hello micha,
a fixed wpasupplicant 2.3-2 package is pending in incoming:
* import "P2P: Validate SSID element length before copying it
(CVE-2015-1863)" from upstream (Closes: #783148 (http://bugs.debian.org/783148)).
greetings
musca