-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 11 Apr 2025 16:29:46 +0200
Source: wpa
Binary: eapoltest eapoltest-dbgsym hostapd hostapd-dbgsym libwpa-client-dev wpagui wpagui-dbgsym wpasupplicant wpasupplicant-dbgsym wpasupplicant-udeb
Architecture: arm64
Version: 2:2.10-12+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
eapoltest - EAPoL testing utility
hostapd - access point and authentication server for Wi-Fi and Ethernet
libwpa-client-dev - development files for WPA/WPA2 client support (IEEE 802.11i)
wpagui - graphical user interface for wpa_supplicant
wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
wpasupplicant-udeb - client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
wpa (2:2.10-12+deb12u3) bookworm; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code()
and wpas_dpp_pkex_clear_code(), and clear code reusage in
./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c
* Fix CVE-2022-37660: the PKEX code remains active even after
a successful PKEX association. An attacker that successfully
bootstrapped public keys with another entity using PKEX in
the past, will be able to subvert a future bootstrapping by
passively observing public keys, re-using the encrypting
element Qi and subtracting it from the captured message
M (X = M - Qi). This will result in the public ephemeral
key X; the only element required to subvert the PKEX association
Checksums-Sha1:
d71152c24c588eaa2664ec192217c5a412cab66c 4037172 eapoltest-dbgsym_2.10-12+deb12u3_arm64.deb
1082cbb280d56a86d752aafe5856a8feb08e3226 1045136 eapoltest_2.10-12+deb12u3_arm64.deb
6203a87c6fa47b389f509ed62eb5126cebf00aec 2775688 hostapd-dbgsym_2.10-12+deb12u3_arm64.deb
58e82725298b4472f805c72de7399ccfb817521c 797100 hostapd_2.10-12+deb12u3_arm64.deb
8be733173db565e21994551e6d6f0bd79a98c3e2 34808 libwpa-client-dev_2.10-12+deb12u3_arm64.deb
3881170292623f2279dba1e2de6b437744ced9b5 15171 wpa_2.10-12+deb12u3_arm64-buildd.buildinfo
40269961270d914dc0e9c294b6f78a95c359789d 2246160 wpagui-dbgsym_2.10-12+deb12u3_arm64.deb
2e138bb6544505389b40409f4dd4a8c9836f8baa 305448 wpagui_2.10-12+deb12u3_arm64.deb
53fe6733114f5930a4bca594b4f031dbcf3f1820 4551732 wpasupplicant-dbgsym_2.10-12+deb12u3_arm64.deb
32ef4f311b8f5c1dffa132bb65871abbd6110622 341324 wpasupplicant-udeb_2.10-12+deb12u3_arm64.udeb
19b6fb386f29f31bcf2b478ad800b3b3d0820f07 1305948 wpasupplicant_2.10-12+deb12u3_arm64.deb
Checksums-Sha256:
630146e37f70a7a71a8e46e49f984da6c401a54d7b55b6727be217e9a74082b2 4037172 eapoltest-dbgsym_2.10-12+deb12u3_arm64.deb
4480e1690617be0bf5654e1bf8c3b4ca60a36f4bb90608a08ca664e809e02286 1045136 eapoltest_2.10-12+deb12u3_arm64.deb
6840c0e981e5d5bc46dc016b470edc9f07ec8a29acd64b7ab2aacf5bb3530a3e 2775688 hostapd-dbgsym_2.10-12+deb12u3_arm64.deb
876643852816092cfc9a4190cc83f54e2a7cba72bc18728c53c159941dd20c13 797100 hostapd_2.10-12+deb12u3_arm64.deb
02c27bbce96bb8ee26c44102b5d34b68d03c43131bdd6ee281419b80cbc1e30d 34808 libwpa-client-dev_2.10-12+deb12u3_arm64.deb
928e79b252c5f4a410d9591755ad604df2e7d45bf0d49b674219c3d5a061a239 15171 wpa_2.10-12+deb12u3_arm64-buildd.buildinfo
d537dffae84cd052981ae81ae6294fc65e41a2198854fb550e930a66ece4c4a2 2246160 wpagui-dbgsym_2.10-12+deb12u3_arm64.deb
80183af244d5ed47e40c66754b0b61e6b077b2a33afab7425b713651764b98de 305448 wpagui_2.10-12+deb12u3_arm64.deb
af0e9210d176c0bb0399658e20e7d85a7de19e39c8b735c6e10345397afefcd8 4551732 wpasupplicant-dbgsym_2.10-12+deb12u3_arm64.deb
98817b0569d53712586459cbc1df5c016638c9b2afac47dff045bfee57ea5412 341324 wpasupplicant-udeb_2.10-12+deb12u3_arm64.udeb
1902b606e0d895f689591a2c05e0ae3d98ee267f3dd38432762322baaef0d707 1305948 wpasupplicant_2.10-12+deb12u3_arm64.deb
Files:
8b00f1be81540d116468b4d0b46a13f0 4037172 debug optional eapoltest-dbgsym_2.10-12+deb12u3_arm64.deb
ed4c7f15b2db339105258dfbaed7058d 1045136 net optional eapoltest_2.10-12+deb12u3_arm64.deb
bcd7f1d9bfc41714d101f2cab43f5967 2775688 debug optional hostapd-dbgsym_2.10-12+deb12u3_arm64.deb
5e9e04d4de26c02567f2a015bd0e819b 797100 net optional hostapd_2.10-12+deb12u3_arm64.deb
f4050315c199f4da7faa77566c179bc2 34808 libdevel optional libwpa-client-dev_2.10-12+deb12u3_arm64.deb
5a837cec748b18ab73b8682ec767f19d 15171 net optional wpa_2.10-12+deb12u3_arm64-buildd.buildinfo
df154b287bd30fd4922e7dcb422a6816 2246160 debug optional wpagui-dbgsym_2.10-12+deb12u3_arm64.deb
6cbad9f8bb1c2e596594bcf262e72edd 305448 net optional wpagui_2.10-12+deb12u3_arm64.deb
3ff8426ddfb3504bd7414cfc96a3ff23 4551732 debug optional wpasupplicant-dbgsym_2.10-12+deb12u3_arm64.deb
88c77bda1280af8594541504a676473b 341324 debian-installer standard wpasupplicant-udeb_2.10-12+deb12u3_arm64.udeb
31a3b07fc2a3b7d1b8d45741c0df0226 1305948 net optional wpasupplicant_2.10-12+deb12u3_arm64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEvEwFZ4bqkVI+Rh6t+N4VxR6LZYEFAmhWe9EACgkQ+N4VxR6L
ZYE5/g//Vp4tIHMpDnsHS9o/GNL4M9/WVnF+VGor1Elekvr++tdwXoEGBeInn4H/
8s5qcuazbm+cAn6+KFZoMbFqcoxUkmJStdu/o3UTJksLou1Z28dHX3h7weuYtqb9
vj9QtHe08tHQMezrQFzm3kD2TkMWfUqJMMd0j/Xo4/7XBz6u6M8LNkP/XdfGjSde
J8BsWd1TYL8UDUFbZyt+omd1dlGHn5HQwbKSWgt2jZiMl3BIuhjtP7HlEdyIxxQ2
ubscqL3IjH1wTK41QdLbg9ltOuRtspXFypyX887TBviW7nYI5jNhwvOYVoMR49Kd
E94uv8Bg6YGpGTyls0GDAF4VdKyWF1ZrkmoEc4lH5jKpz6IZgRbUljCVLFBLH4Mk
iK+zRdaJKRnW7eEvz6mOO3yB2EcKsXYPqJY1UnLpqwu2yBswaHTOMGr9dQj1uiiA
7n29rSFS83OBaMK2jGi1J+emd71KOtn39oz2Iz8041wQMJbON7wDV1OMgLQr2iKF
fwkPRDRJX/dXXkq2M7535IeBuXxHNK1oY1PsTHaUCug5H3KTIlYETaFVx9x8U9Mv
QtTDq160NBEE1ZqSRLsveQZoXP9b888+ZOkVRlDG5NIGDruq/sJOcZp8c6xTl+46
UXzheTiYK2Mr5PvKUc4ynlUBaLtoeh0eVJ5oKVbG11exjKuNLp8=
=ctnk
-----END PGP SIGNATURE-----