Format: 1.8
Date: Tue, 30 Apr 2024 22:45:18 +0000
Source: wpa
Architecture: source
Version: 2:2.9.0-21+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian wpasupplicant Maintainers
Changed-By: Bastien Roucariès
Closes: 1064061
Changes:
 wpa (2:2.9.0-21+deb11u1) bullseye; urgency=high
 .
   * Non-maintainer upload on behalf of the Security Team.
   * Fix CVE-2023-52160 (Closes: #1064061):
     The implementation of PEAP in wpa_supplicant allows
     authentication bypass. For a successful attack,
     wpa_supplicant must be configured to not verify
     the network's TLS certificate during Phase 1
     authentication, and an eap_peap_decrypt vulnerability
     can then be abused to skip Phase 2 authentication.
     The attack vector is sending an EAP-TLV Success packet
     instead of starting Phase 2. This allows an adversary
     to impersonate Enterprise Wi-Fi networks.
Checksums-Sha1:
 98c686fc6d64966138bfba62f86c3a28b46d44d3 2750 wpa_2.9.0-21+deb11u1.dsc
 7ab0feab3e76ec97f76f6f9729b0f6d160025332 100008 wpa_2.9.0-21+deb11u1.debian.tar.xz
 13db589af495147884d3075b45894f0b9c5849ee 15334 wpa_2.9.0-21+deb11u1_amd64.buildinfo
Checksums-Sha256:
 eeb694560127225218bc923e5ac0d5065522311e45d4d2e9de730541cb32577b 2750 wpa_2.9.0-21+deb11u1.dsc
 44cd4f6983689ace4eba0ae142bd3fc6a72865b22a720aa421446715e14f1650 100008 wpa_2.9.0-21+deb11u1.debian.tar.xz
 b133be59a02a2af58175e8a460fa2a80b51e9a0d0bb86742f22e9a11538a6218 15334 wpa_2.9.0-21+deb11u1_amd64.buildinfo
Files:
 6a13e4995739b3282fbd30fb21318a48 2750 net optional wpa_2.9.0-21+deb11u1.dsc
 e774e4612d40c0e593f6ca059d3e0322 100008 net optional wpa_2.9.0-21+deb11u1.debian.tar.xz
 7e1418080dee422f42debb9f1386c325 15334 net optional wpa_2.9.0-21+deb11u1_amd64.buildinfo