Your message dated Thu, 20 Jun 2024 18:32:51 +0000 with message-id <e1skmaz-00brhn...@fasolo.debian.org> and subject line Bug#1064061: fixed in wpa 2:2.10-12+deb12u1 has caused the Debian Bug report #1064061, regarding wpa: CVE-2023-52160 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
1064061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064061
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: wpa
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for wpa.

CVE-2023-52160[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52160
    https://www.cve.org/CVERecord?id=CVE-2023-52160

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: wpa
Source-Version: 2:2.10-12+deb12u1
Done: Bastien Roucariès <ro...@debian.org>

We believe that the bug you reported is fixed in the latest version of wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1064...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Apr 2024 22:45:18 +0000
Source: wpa
Architecture: source
Version: 2:2.10-12+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <w...@packages.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Closes: 1064061
Changes:
 wpa (2:2.10-12+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload on behalf of the Security Team.
   * Fix CVE-2023-52160 (Closes: #1064061):
     The implementation of PEAP in wpa_supplicant allows
     authentication bypass. For a successful attack,
     wpa_supplicant must be configured to not verify
     the network's TLS certificate during Phase 1
     authentication, and an eap_peap_decrypt vulnerability
     can then be abused to skip Phase 2 authentication.
     The attack vector is sending an EAP-TLV Success packet
     instead of starting Phase 2. This allows an adversary
     to impersonate Enterprise Wi-Fi networks.
--- End Message ---