---
- branch: MAIN
  date: Wed Apr 10 17:50:28 UTC 2019
  files:
  - new: '1.2'
    old: 1.1.1.6
    path: src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c
    pathrev: src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c@1.2
    type: modified
  - new: '1.2'
    old: 1.1.1.5
    path: src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.h
    pathrev: src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.h@1.2
    type: modified
  - new: '1.8'
    old: '1.7'
    path: src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
    pathrev: src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c@1.8
    type: modified
  - new: '1.8'
    old: '1.7'
    path: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
    pathrev: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c@1.8
    type: modified
  id: 20190410T175028Z.4d8d88c253b43c2a35de0a3b0b949999dfc6d80d
  log: |
    This adds an explicit check for 0 < x,y < prime based on RFC 5931,
    2.8.5.2.2 requirement. The earlier checks might have covered this
    implicitly, but it is safer to avoid any dependency on implicit checks
    and specific crypto library behavior. (CVE-2019-9498 and CVE-2019-9499)

    Furthermore, this moves the EAP-pwd element and scalar parsing and
    validation steps into shared helper functions so that there is no need
    to maintain two separate copies of this common functionality between the
    server and peer implementations.
  module: src
  subject: 'CVS commit: src/external/bsd/wpa/dist/src'
  unixtime: '1554918628'
  user: christos