Format: 1.8
Date: Sun, 28 Apr 2024 21:07:32 +0000
Source: wpa
Architecture: source
Version: 2:2.10-21.1
Distribution: unstable
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1064061
Changes:
 wpa (2:2.10-21.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2023-52160 (Closes: #1064061):
     The implementation of PEAP in wpa_supplicant allows
     authentication bypass. For a successful attack,
     wpa_supplicant must be configured to not verify
     the network's TLS certificate during Phase 1
     authentication, and an eap_peap_decrypt vulnerability
     can then be abused to skip Phase 2 authentication.
     The attack vector is sending an EAP-TLV Success packet
     instead of starting Phase 2. This allows an adversary
     to impersonate Enterprise Wi-Fi networks.
Checksums-Sha1:
 512440e6e9bd144e4f2175a5271f2f57f3071259 2712 wpa_2.10-21.1.dsc
 4c9ba5c6755ab3e6c5997c63ba1640ba646ad2d0 92584 wpa_2.10-21.1.debian.tar.xz
 55130fb164e6d0e411fbcc2e9f31b63a2666352f 15498 wpa_2.10-21.1_amd64.buildinfo
Checksums-Sha256:
 ae335ab5709062018634780d48aaf1a93f41ecc261e856bc259853c20337a112 2712 wpa_2.10-21.1.dsc
 db646d5c29cdc818d1054b496a57e700315876ecc0c1d837ad3abb882ddeef12 92584 wpa_2.10-21.1.debian.tar.xz
 81612d83c25f84071500295332ecc4a25c154d3148feccf5ba067d78d701c492 15498 wpa_2.10-21.1_amd64.buildinfo
Files:
 6bb2dc3cfc6d7361aba9002cddc93ba5 2712 net optional wpa_2.10-21.1.dsc
 3f145f748a3f2a4b603d50e9dc39653c 92584 net optional wpa_2.10-21.1.debian.tar.xz
 c3679ab4c1172c74408f21481e9e2eaa 15498 net optional wpa_2.10-21.1_amd64.buildinfo