-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 11 Apr 2025 16:29:46 +0200 Source: wpa Binary: eapoltest eapoltest-dbgsym hostapd hostapd-dbgsym libwpa-client-dev wpagui wpagui-dbgsym wpasupplicant wpasupplicant-dbgsym wpasupplicant-udeb Architecture: arm64 Version: 2:2.10-12+deb12u3 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-04) Changed-By: Bastien Roucariès Description: eapoltest - EAPoL testing utility hostapd - access point and authentication server for Wi-Fi and Ethernet libwpa-client-dev - development files for WPA/WPA2 client support (IEEE 802.11i) wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - client support for WPA and WPA2 (IEEE 802.11i) (udeb) Changes: wpa (2:2.10-12+deb12u3) bookworm; urgency=medium . * Non-maintainer upload by the LTS Security Team. * debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code() and wpas_dpp_pkex_clear_code(), and clear code reusage in ./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c * Fix CVE-2022-37660: the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association Checksums-Sha1: d71152c24c588eaa2664ec192217c5a412cab66c 4037172 eapoltest-dbgsym_2.10-12+deb12u3_arm64.deb 1082cbb280d56a86d752aafe5856a8feb08e3226 1045136 eapoltest_2.10-12+deb12u3_arm64.deb 6203a87c6fa47b389f509ed62eb5126cebf00aec 2775688 hostapd-dbgsym_2.10-12+deb12u3_arm64.deb 58e82725298b4472f805c72de7399ccfb817521c 797100 hostapd_2.10-12+deb12u3_arm64.deb 8be733173db565e21994551e6d6f0bd79a98c3e2 34808 libwpa-client-dev_2.10-12+deb12u3_arm64.deb 3881170292623f2279dba1e2de6b437744ced9b5 15171 wpa_2.10-12+deb12u3_arm64-buildd.buildinfo 40269961270d914dc0e9c294b6f78a95c359789d 2246160 wpagui-dbgsym_2.10-12+deb12u3_arm64.deb 2e138bb6544505389b40409f4dd4a8c9836f8baa 305448 wpagui_2.10-12+deb12u3_arm64.deb 53fe6733114f5930a4bca594b4f031dbcf3f1820 4551732 wpasupplicant-dbgsym_2.10-12+deb12u3_arm64.deb 32ef4f311b8f5c1dffa132bb65871abbd6110622 341324 wpasupplicant-udeb_2.10-12+deb12u3_arm64.udeb 19b6fb386f29f31bcf2b478ad800b3b3d0820f07 1305948 wpasupplicant_2.10-12+deb12u3_arm64.deb Checksums-Sha256: 630146e37f70a7a71a8e46e49f984da6c401a54d7b55b6727be217e9a74082b2 4037172 eapoltest-dbgsym_2.10-12+deb12u3_arm64.deb 4480e1690617be0bf5654e1bf8c3b4ca60a36f4bb90608a08ca664e809e02286 1045136 eapoltest_2.10-12+deb12u3_arm64.deb 6840c0e981e5d5bc46dc016b470edc9f07ec8a29acd64b7ab2aacf5bb3530a3e 2775688 hostapd-dbgsym_2.10-12+deb12u3_arm64.deb 876643852816092cfc9a4190cc83f54e2a7cba72bc18728c53c159941dd20c13 797100 hostapd_2.10-12+deb12u3_arm64.deb 02c27bbce96bb8ee26c44102b5d34b68d03c43131bdd6ee281419b80cbc1e30d 34808 libwpa-client-dev_2.10-12+deb12u3_arm64.deb 928e79b252c5f4a410d9591755ad604df2e7d45bf0d49b674219c3d5a061a239 15171 wpa_2.10-12+deb12u3_arm64-buildd.buildinfo d537dffae84cd052981ae81ae6294fc65e41a2198854fb550e930a66ece4c4a2 2246160 wpagui-dbgsym_2.10-12+deb12u3_arm64.deb 80183af244d5ed47e40c66754b0b61e6b077b2a33afab7425b713651764b98de 305448 wpagui_2.10-12+deb12u3_arm64.deb af0e9210d176c0bb0399658e20e7d85a7de19e39c8b735c6e10345397afefcd8 4551732 wpasupplicant-dbgsym_2.10-12+deb12u3_arm64.deb 98817b0569d53712586459cbc1df5c016638c9b2afac47dff045bfee57ea5412 341324 wpasupplicant-udeb_2.10-12+deb12u3_arm64.udeb 1902b606e0d895f689591a2c05e0ae3d98ee267f3dd38432762322baaef0d707 1305948 wpasupplicant_2.10-12+deb12u3_arm64.deb Files: 8b00f1be81540d116468b4d0b46a13f0 4037172 debug optional eapoltest-dbgsym_2.10-12+deb12u3_arm64.deb ed4c7f15b2db339105258dfbaed7058d 1045136 net optional eapoltest_2.10-12+deb12u3_arm64.deb bcd7f1d9bfc41714d101f2cab43f5967 2775688 debug optional hostapd-dbgsym_2.10-12+deb12u3_arm64.deb 5e9e04d4de26c02567f2a015bd0e819b 797100 net optional hostapd_2.10-12+deb12u3_arm64.deb f4050315c199f4da7faa77566c179bc2 34808 libdevel optional libwpa-client-dev_2.10-12+deb12u3_arm64.deb 5a837cec748b18ab73b8682ec767f19d 15171 net optional wpa_2.10-12+deb12u3_arm64-buildd.buildinfo df154b287bd30fd4922e7dcb422a6816 2246160 debug optional wpagui-dbgsym_2.10-12+deb12u3_arm64.deb 6cbad9f8bb1c2e596594bcf262e72edd 305448 net optional wpagui_2.10-12+deb12u3_arm64.deb 3ff8426ddfb3504bd7414cfc96a3ff23 4551732 debug optional wpasupplicant-dbgsym_2.10-12+deb12u3_arm64.deb 88c77bda1280af8594541504a676473b 341324 debian-installer standard wpasupplicant-udeb_2.10-12+deb12u3_arm64.udeb 31a3b07fc2a3b7d1b8d45741c0df0226 1305948 net optional wpasupplicant_2.10-12+deb12u3_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvEwFZ4bqkVI+Rh6t+N4VxR6LZYEFAmhWe9EACgkQ+N4VxR6L ZYE5/g//Vp4tIHMpDnsHS9o/GNL4M9/WVnF+VGor1Elekvr++tdwXoEGBeInn4H/ 8s5qcuazbm+cAn6+KFZoMbFqcoxUkmJStdu/o3UTJksLou1Z28dHX3h7weuYtqb9 vj9QtHe08tHQMezrQFzm3kD2TkMWfUqJMMd0j/Xo4/7XBz6u6M8LNkP/XdfGjSde J8BsWd1TYL8UDUFbZyt+omd1dlGHn5HQwbKSWgt2jZiMl3BIuhjtP7HlEdyIxxQ2 ubscqL3IjH1wTK41QdLbg9ltOuRtspXFypyX887TBviW7nYI5jNhwvOYVoMR49Kd E94uv8Bg6YGpGTyls0GDAF4VdKyWF1ZrkmoEc4lH5jKpz6IZgRbUljCVLFBLH4Mk iK+zRdaJKRnW7eEvz6mOO3yB2EcKsXYPqJY1UnLpqwu2yBswaHTOMGr9dQj1uiiA 7n29rSFS83OBaMK2jGi1J+emd71KOtn39oz2Iz8041wQMJbON7wDV1OMgLQr2iKF fwkPRDRJX/dXXkq2M7535IeBuXxHNK1oY1PsTHaUCug5H3KTIlYETaFVx9x8U9Mv QtTDq160NBEE1ZqSRLsveQZoXP9b888+ZOkVRlDG5NIGDruq/sJOcZp8c6xTl+46 UXzheTiYK2Mr5PvKUc4ynlUBaLtoeh0eVJ5oKVbG11exjKuNLp8= =ctnk -----END PGP SIGNATURE-----