Hi David, You may have already be advertised, but in case... the current version of wpa_supplicant in openbsd-ports may be vulnerable to a remote command execution.
The vulnerability description is here: http://w1.fi/security/2014-1/wpacli-action-scripts.txt The vulnerability on v2.2 is triggeable if some configuration options are enable (CONFIG_P2P or CONFIG_WNM or CONFIG_HS20 or CONFIG_WPS), but I don't see any of them in current build (files/config). So I don't sure if the version in ports is vulnerable or not. Thanks. -- Sébastien Marie
