Description: Heap overflow in add_ie_rates() function of libertas Wifi Driver
References:
 https://www.openwall.com/lists/oss-security/2019/11/22/1
 https://patchwork.kernel.org/patch/11257187/
 https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git/commit/?id=e5e884b42639c74b5b57dc277909915c0aefc8bb
Notes:
 bwh> Introduced in 2.6.36 by commit e86dc1ca4676 "Libertas: cfg80211 support".
Bugs:
upstream: needed
4.19-upstream-stable: needed
4.9-upstream-stable: needed
3.16-upstream-stable: needed
sid: needed
4.19-buster-security: needed
4.9-stretch-security: needed
3.16-jessie-security: pending (3.16.81-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]