Re: Bug#1102675: bookworm-pu: package wpa/2:2.10-12+deb12u3

To: Bastien Roucaries <rouca@debian.org>, 1102675@bugs.debian.org
Cc: debian-boot@lists.debian.org
Subject: Re: Bug#1102675: bookworm-pu: package wpa/2:2.10-12+deb12u3
From: Jonathan Wiltshire <jmw@debian.org>
Date: Thu, 19 Jun 2025 12:38:01 +0100
Message-id: <[🔎] aFP2matQVG_JMp9Y@powdarrmonkey.net>
In-reply-to: <2521062.PYKUYFuaPT@debian-ei>
References: <2521062.PYKUYFuaPT@debian-ei>

Control: tag -1 d-i

On Fri, Apr 11, 2025 at 09:27:32PM +0200, Bastien Roucaries wrote:
> [ Changes ]
> Fix CVE-2022-37660: the PKEX code remains active even after a successful PKEX
> association. An attacker that successfully bootstrapped public keys with
> another entity using PKEX in the past, will be able to subvert a future
> bootstrapping by passively observing public keys, re-using the encrypting
> element Qi and subtracting it from the captured message M (X = M - Qi). This
> will result in the public ephemeral key X; the only element required to 
> subvert
> the PKEX association

d-i ack needed for the udeb; assuming no objections there, please tag
"confirmed" and upload.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply to:

Follow-Ups:
- Re: Bug#1102675: bookworm-pu: package wpa/2:2.10-12+deb12u3
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Uploading linux (6.12.33-1)
Next by Date: Bug#1106757: ppc64el Trixie: Need default 64KB page kernel or installer option
Previous by thread: Re: Uploading linux (6.12.33-1)
Next by thread: Re: Bug#1102675: bookworm-pu: package wpa/2:2.10-12+deb12u3
Index(es):
- Date
- Thread