-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 30 Apr 2024 22:45:18 +0000
Source: wpa
Architecture: source
Version: 2:2.10-12+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1064061
Changes:
wpa (2:2.10-12+deb12u1) bookworm; urgency=high
.
* Non-maintainer upload on behalf of the Security Team.
* Fix CVE-2023-52160 (Closes: #1064061):
  The implementation of PEAP in wpa_supplicant allows
  authentication bypass. For a successful attack,
  wpa_supplicant must be configured to not verify
  the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability
  can then be abused to skip Phase 2 authentication.
  The attack vector is sending an EAP-TLV Success packet
  instead of starting Phase 2. This allows an adversary
  to impersonate Enterprise Wi-Fi networks.
Checksums-Sha1:
e3319110478beb692f3f4b897c41f73c576cf3f0 2736 wpa_2.10-12+deb12u1.dsc
8f5daa6109db1cd60ff3c330e2466c0c529152b9 90076 wpa_2.10-12+deb12u1.debian.tar.xz
9c584c35951e254fe3fd9fb567b3990e7100a18f 15130 wpa_2.10-12+deb12u1_amd64.buildinfo
Checksums-Sha256:
cc8c43409941e6d7c01cc33a3900f61ee7f55a0e27fd9a1580f782ea30f62a8b 2736 wpa_2.10-12+deb12u1.dsc
e43db1ae2c7aa9b181101506960aa3fbbd41c7633a9574ed91b35bbb7c488b9f 90076 wpa_2.10-12+deb12u1.debian.tar.xz
58aec782dfc2c2456773d0ccaac9550f4bfe8722cc57d409331dc9c877c098df 15130 wpa_2.10-12+deb12u1_amd64.buildinfo
Files:
f53e83ad5935109514976193a05c0002 2736 net optional wpa_2.10-12+deb12u1.dsc
c607a1c57bc2b3e701404455e2d3244e 90076 net optional wpa_2.10-12+deb12u1.debian.tar.xz
b5bf877ecfbdde56311c35ce6b98036f 15130 net optional wpa_2.10-12+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----