Format: 1.8
Date: Fri, 11 Apr 2025 16:29:46 +0200
Source: wpa
Architecture: source
Version: 2:2.10-12+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers
Changed-By: Bastien Roucariès
Changes:
 wpa (2:2.10-12+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * debian/patches/CVE-2022-37660.patch: Add
     hostapd_dpp_pkex_clear_code() and wpas_dpp_pkex_clear_code(),
     and clear code reusage in ./src/ap/dpp_hostapd.c and
     ./wpa_supplicant/dpp_supplicant.c
   * Fix CVE-2022-37660: the PKEX code remains active even after
     a successful PKEX association. An attacker that successfully
     bootstrapped public keys with another entity using PKEX in the
     past, will be able to subvert a future bootstrapping by passively
     observing public keys, re-using the encrypting element Qi and
     subtracting it from the captured message M (X = M - Qi).
     This will result in the public ephemeral key X; the only element
     required to subvert the PKEX association
Checksums-Sha1:
 6ede38b73ab521dd3ee46482c5ed2e777bdccd81 2711 wpa_2.10-12+deb12u3.dsc
 5995b205af351c4f39fd136fbfef5bb2264c3a5d 2549336 wpa_2.10.orig.tar.xz
 9cb1a932acddacf29122dcee142a24dd40813b94 92060 wpa_2.10-12+deb12u3.debian.tar.xz
 8c3bccea86e1e552392215c9e270ebf9baebe866 15377 wpa_2.10-12+deb12u3_amd64.buildinfo
Checksums-Sha256:
 1f8c9f13ca9ca75a68860fafe2fa0a6aaf57bb6f573d96d19ea95900c0c22958 2711 wpa_2.10-12+deb12u3.dsc
 b39f85be9d8fd58adee1acae3735ec0a1f7bdc460fe3f6fd76a1d57e9ac910c6 2549336 wpa_2.10.orig.tar.xz
 b4dcb6055e84149229810d08071bc304963f28dd312ffc224d4f408720c814ee 92060 wpa_2.10-12+deb12u3.debian.tar.xz
 6e00bf065743030c4911fdeb82a893b9de1a4efcfcb4052e177ddaeb6ac46562 15377 wpa_2.10-12+deb12u3_amd64.buildinfo
Files:
 82236a85e43c56c6372795228b77e08a 2711 net optional wpa_2.10-12+deb12u3.dsc
 65a019b87548bbe385635f93cfa9cddb 2549336 net optional wpa_2.10.orig.tar.xz
 42280fdf3edbe3c2059bacc980fb02ee 92060 net optional wpa_2.10-12+deb12u3.debian.tar.xz
 4ef3e588d43f0cbb8bfe714d24a906c9 15377 net optional wpa_2.10-12+deb12u3_amd64.buildinfo