-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 11 Apr 2025 16:29:46 +0200
Source: wpa
Architecture: source
Version: 2:2.10-12+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
wpa (2:2.10-12+deb12u3) bookworm; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code()
and wpas_dpp_pkex_clear_code(), and clear code reusage in
./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c
* Fix CVE-2022-37660: the PKEX code remains active even after
a successful PKEX association. An attacker that successfully
bootstrapped public keys with another entity using PKEX in
the past, will be able to subvert a future bootstrapping by
passively observing public keys, re-using the encrypting
element Qi and subtracting it from the captured message
M (X = M - Qi). This will result in the public ephemeral
key X; the only element required to subvert the PKEX association
Checksums-Sha1:
6ede38b73ab521dd3ee46482c5ed2e777bdccd81 2711 wpa_2.10-12+deb12u3.dsc
5995b205af351c4f39fd136fbfef5bb2264c3a5d 2549336 wpa_2.10.orig.tar.xz
9cb1a932acddacf29122dcee142a24dd40813b94 92060 wpa_2.10-12+deb12u3.debian.tar.xz
8c3bccea86e1e552392215c9e270ebf9baebe866 15377 wpa_2.10-12+deb12u3_amd64.buildinfo
Checksums-Sha256:
1f8c9f13ca9ca75a68860fafe2fa0a6aaf57bb6f573d96d19ea95900c0c22958 2711 wpa_2.10-12+deb12u3.dsc
b39f85be9d8fd58adee1acae3735ec0a1f7bdc460fe3f6fd76a1d57e9ac910c6 2549336 wpa_2.10.orig.tar.xz
b4dcb6055e84149229810d08071bc304963f28dd312ffc224d4f408720c814ee 92060 wpa_2.10-12+deb12u3.debian.tar.xz
6e00bf065743030c4911fdeb82a893b9de1a4efcfcb4052e177ddaeb6ac46562 15377 wpa_2.10-12+deb12u3_amd64.buildinfo
Files:
82236a85e43c56c6372795228b77e08a 2711 net optional wpa_2.10-12+deb12u3.dsc
65a019b87548bbe385635f93cfa9cddb 2549336 net optional wpa_2.10.orig.tar.xz
42280fdf3edbe3c2059bacc980fb02ee 92060 net optional wpa_2.10-12+deb12u3.debian.tar.xz
4ef3e588d43f0cbb8bfe714d24a906c9 15377 net optional wpa_2.10-12+deb12u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----