-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 11 Apr 2025 16:29:46 +0200
Source: wpa
Architecture: source
Version: 2:2.10-12+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 wpa (2:2.10-12+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code()
     and wpas_dpp_pkex_clear_code(), and clear code reuse in
     ./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c
   * Fix CVE-2022-37660: the PKEX code remains active even after
     a successful PKEX association. An attacker that successfully
     bootstrapped public keys with another entity using PKEX in
     the past will be able to subvert a future bootstrapping by
     passively observing public keys, re-using the encrypting
     element Qi and subtracting it from the captured message
     M (X = M - Qi). This will result in the public ephemeral
     key X, the only element required to subvert the PKEX association.
Checksums-Sha1:
 6ede38b73ab521dd3ee46482c5ed2e777bdccd81 2711 wpa_2.10-12+deb12u3.dsc
 5995b205af351c4f39fd136fbfef5bb2264c3a5d 2549336 wpa_2.10.orig.tar.xz
 9cb1a932acddacf29122dcee142a24dd40813b94 92060 wpa_2.10-12+deb12u3.debian.tar.xz
 8c3bccea86e1e552392215c9e270ebf9baebe866 15377 wpa_2.10-12+deb12u3_amd64.buildinfo
Checksums-Sha256:
 1f8c9f13ca9ca75a68860fafe2fa0a6aaf57bb6f573d96d19ea95900c0c22958 2711 wpa_2.10-12+deb12u3.dsc
 b39f85be9d8fd58adee1acae3735ec0a1f7bdc460fe3f6fd76a1d57e9ac910c6 2549336 wpa_2.10.orig.tar.xz
 b4dcb6055e84149229810d08071bc304963f28dd312ffc224d4f408720c814ee 92060 wpa_2.10-12+deb12u3.debian.tar.xz
 6e00bf065743030c4911fdeb82a893b9de1a4efcfcb4052e177ddaeb6ac46562 15377 wpa_2.10-12+deb12u3_amd64.buildinfo
Files:
 82236a85e43c56c6372795228b77e08a 2711 net optional wpa_2.10-12+deb12u3.dsc
 65a019b87548bbe385635f93cfa9cddb 2549336 net optional wpa_2.10.orig.tar.xz
 42280fdf3edbe3c2059bacc980fb02ee 92060 net optional wpa_2.10-12+deb12u3.debian.tar.xz
 4ef3e588d43f0cbb8bfe714d24a906c9 15377 net optional wpa_2.10-12+deb12u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----