-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 11 Apr 2025 16:29:46 +0200 Source: wpa Binary: eapoltest eapoltest-dbgsym hostapd hostapd-dbgsym libwpa-client-dev wpagui wpagui-dbgsym wpasupplicant wpasupplicant-dbgsym wpasupplicant-udeb Architecture: armhf Version: 2:2.10-12+deb12u3 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-06) Changed-By: Bastien Roucariès Description: eapoltest - EAPoL testing utility hostapd - access point and authentication server for Wi-Fi and Ethernet libwpa-client-dev - development files for WPA/WPA2 client support (IEEE 802.11i) wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - client support for WPA and WPA2 (IEEE 802.11i) (udeb) Changes: wpa (2:2.10-12+deb12u3) bookworm; urgency=medium . * Non-maintainer upload by the LTS Security Team. * debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code() and wpas_dpp_pkex_clear_code(), and clear code reusage in ./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c * Fix CVE-2022-37660: the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association Checksums-Sha1: 2a0ef9b5adcc05f5b603a6f3dd3b6949c4b5e460 4004940 eapoltest-dbgsym_2.10-12+deb12u3_armhf.deb 52ead3a6966392896d7fa43dc708b06dbd3ade3c 965308 eapoltest_2.10-12+deb12u3_armhf.deb 1acc55689b1f3a45b054a59cd2682404f63b8490 2731840 hostapd-dbgsym_2.10-12+deb12u3_armhf.deb a22bd89e6d4de5c9a0f2c02084d5ac02a6b5fcb2 741300 hostapd_2.10-12+deb12u3_armhf.deb 3e4645f6b6ca1cbfbfec041b8f7a7a143af01d13 31308 libwpa-client-dev_2.10-12+deb12u3_armhf.deb adb65595158396f8c667de43d128b8fc9fecccc7 15021 wpa_2.10-12+deb12u3_armhf-buildd.buildinfo 39b557e8fabd7d56a84a18015203d1ee47ad57df 2199904 wpagui-dbgsym_2.10-12+deb12u3_armhf.deb fa378a01da7d4d63dbb65ee9e85d4ade1a37aa20 301548 wpagui_2.10-12+deb12u3_armhf.deb d8a07937ca25414e6ad009c963daa448eda4f28a 4503820 wpasupplicant-dbgsym_2.10-12+deb12u3_armhf.deb 9bcbe66ed38da9a52d444e1f97917a578581adf8 312452 wpasupplicant-udeb_2.10-12+deb12u3_armhf.udeb 3e750d791618609b6752a74c203acfe9e8df3e09 1210976 wpasupplicant_2.10-12+deb12u3_armhf.deb Checksums-Sha256: 753819d579cb29e63e16fb0815edb9b98f731e8ec10eab350df5ec2f024dd24e 4004940 eapoltest-dbgsym_2.10-12+deb12u3_armhf.deb 0d53dd8da066a854a66e85f661d85de3ffd38458bde0de9e857b7982e01c6f58 965308 eapoltest_2.10-12+deb12u3_armhf.deb 25f00027f7aebd27cf6e9a1cee1ef56a830bcbf98e17f7c20ccdbbbc09fbe8d1 2731840 hostapd-dbgsym_2.10-12+deb12u3_armhf.deb 88072c311adbb29468c65a50a48a68d56eb2254354f4a26e61b2225128c718b7 741300 hostapd_2.10-12+deb12u3_armhf.deb 488c72344205b2ca4d07643d3d3c48f5d6cc9a0d279c93c693c4072723ce43a0 31308 libwpa-client-dev_2.10-12+deb12u3_armhf.deb 5c5b7910d6f5ab1c9d3bf048ae1c45a416bf7ba2faa70e89df4235dda2ad2c57 15021 wpa_2.10-12+deb12u3_armhf-buildd.buildinfo 6a39d4cd547a6ede4a563343e83960499111cfc8faa6d754e019d5e2f7b375dc 2199904 wpagui-dbgsym_2.10-12+deb12u3_armhf.deb 3037c3e9df5ee5f6ad643fbbeb4fde10502eaa327cf892147242800ef594a349 301548 wpagui_2.10-12+deb12u3_armhf.deb 13b90256934656f561c71de9ed2c4f44a89c00d4c7cb324c34a30cd5504ddca1 4503820 wpasupplicant-dbgsym_2.10-12+deb12u3_armhf.deb 02b79fa3cadd557990f3a88e8380cbd63165ca3a428770554397258b58f6e30f 312452 wpasupplicant-udeb_2.10-12+deb12u3_armhf.udeb 706d04f55d2fe6af101860649d7886524cc4bb15f7d493055a619689720a4e8c 1210976 wpasupplicant_2.10-12+deb12u3_armhf.deb Files: c8cc4b3012d050f312cdaab36c310363 4004940 debug optional eapoltest-dbgsym_2.10-12+deb12u3_armhf.deb efc025d637fc51a5e56e87f7ea85d2c3 965308 net optional eapoltest_2.10-12+deb12u3_armhf.deb 74869d27cb766a25011bf48f6db86109 2731840 debug optional hostapd-dbgsym_2.10-12+deb12u3_armhf.deb 610f170fdf75eead151de1cf7e1f4d48 741300 net optional hostapd_2.10-12+deb12u3_armhf.deb 3b7ccc5b09393a9288a87a64a36c35fe 31308 libdevel optional libwpa-client-dev_2.10-12+deb12u3_armhf.deb 6bb96abdb17281f5e140c915990121a3 15021 net optional wpa_2.10-12+deb12u3_armhf-buildd.buildinfo f5ec0100f741b4147c98991e03d02c83 2199904 debug optional wpagui-dbgsym_2.10-12+deb12u3_armhf.deb 08430db9691e37600fab150a29db8aa0 301548 net optional wpagui_2.10-12+deb12u3_armhf.deb bc538625ba75550fc2bd750a542fe262 4503820 debug optional wpasupplicant-dbgsym_2.10-12+deb12u3_armhf.deb 5715ac22233c1fec3ef911cc22890788 312452 debian-installer standard wpasupplicant-udeb_2.10-12+deb12u3_armhf.udeb 6f10103dbf1ff510bc0cfeaf6f6c4a00 1210976 net optional wpasupplicant_2.10-12+deb12u3_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpxWVfktWxVoKRwGgJ7tNDw2WyRsFAmhWfu0ACgkQJ7tNDw2W yRs5HxAAueCttcoEHkAzsvKFANA+QF6VBxZqngm2dJ25v/nOHEyL1clEMe1JkCQ7 mr7qG7Bc7SjazSaEUZHLn37WiWq0d5bKmlt+DxNbm54GyjZbHB8yjqXVPrnE2a+2 YhbJMjn4aeaAqdw509aqruJp+yn8Dca7CLmVod5LXphD/AQjKfH0hYc96ja4cdMn jqsC5dIAFATJ3SJPjoaiOk1cbGGX0HVlez9qxmh9/EHecI+v/e/Zc4UUcf8R2MeR qhZN/Ue8ezi8B0EnjEF2qV0nJcAaCdRq1v18YKmsWTaKP6SI1v2dXQxuZyUTcNu+ XLnE5lMM4ccldH5awjX5wQFDqQfU6ZQElm1wBoTWheXvNFCzXgGsAMz9knOLJ+JP s9Xbq37/o5Gz/Y//xJKoMkX2o6X8GpxBQlCu5T3aOj8Cox3VyC5MnA9CsD/fJYh8 MuFJVFkW9O1VrGclQVl2ftRal4agwQu/7nS3WoY12mYLzjzG1Vd4avkDa+E7f602 B11guly4E5OhN06bJ7Ut4cHVghCR+73BXgu8Wph6a48gcKhgGJpTqOOSMifWliZV 4mh/LTiSKmCKjbjEyUSo3FgN83D/FNEMWhjAv+2wg5ODy7md0/vd29IFd9FN5ShM Je5mEggxJnvDHAwy+tRyz5vu/AuVNFVxMIc2skUZjhMaA9DxdMk= =MAwy -----END PGP SIGNATURE-----