1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted putty 0.78-2+deb12u2 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Wed Aug 21 23:50:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 16 Jul 2024 10:44:03 +0000
    Source: putty
    Architecture: source
    Version: 0.78-2+deb12u2
    Distribution: bookworm
    Urgency: medium
    Maintainer: Colin Watson <cjwatson@debian.org>
    Changed-By: Bastien Roucariès <rouca@debian.org>
    Changes:
    putty (0.78-2+deb12u2) bookworm; urgency=medium
    .
    * Non-maintainer upload.
    * Cherry-pick from upstream:
    - Add an extra HMAC constructor function
    - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker
    to recover a user's NIST P-521 secret key via a quick attack in
    approximately 60 signatures. In other words, an adversary
    may already have enough signature information to compromise a victim's
    private key, even if there is no further use of vulnerable PuTTY
    versions.
    * Run test/cryptsuite.py during build.
    Checksums-Sha1:
    66d4b247abd2bb056cc81f21630164ac5da50c4a 2455 putty_0.78-2+deb12u2.dsc
    aa986da546af967b9dc7619f6549c9e6bea9ccdb 56528 putty_0.78-2+deb12u2.debian.tar.xz
    f4b25503b46c1e7b96f03a37cc9cd0e29db1f75d 17049 putty_0.78-2+deb12u2_amd64.buildinfo
    Checksums-Sha256:
    e589b49ae60a609fc52386dd77fb8d361068632d49700fba0d5b97fed35ca8d5 2455 putty_0.78-2+deb12u2.dsc
    114c028e708ab87c60d4bc7309710c53e124f89573b739ee5c4ce3398b9598e7 56528 putty_0.78-2+deb12u2.debian.tar.xz
    c3c838e8f8b48ec8fa64056b66d788c95a6df88d5abc34c8221c4ca8b4c43c6f 17049 putty_0.78-2+deb12u2_amd64.buildinfo
    Files:
    bbf1c2bc92136a3318cf1782ddad6dc0 2455 net optional putty_0.78-2+deb12u2.dsc
    ee6888836cac4940134f66497ac41ce2 56528 net optional putty_0.78-2+deb12u2.debian.tar.xz
    46ad6ca22d8d5b8d3cb5d3cae81a7c6e 17049 net optional putty_0.78-2+deb12u2_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmbBAO8RHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF9/Hw/+KVhETjuCqaySZBMFcdBHXLaym986IG50 AbL+2hoDew0qCC2LUoPYJZH1rUGkOcPUvuANW+D3KY6RP22s3N0F1UfxyS9AIdcz 0pZVukzNDy+WPNL0luAt3t5l0r4Bl7PcDMhAf9PK7Gku/0xmvN394kCLOVhm1J0H eUMsay+mlN5l2fwlcWG3W3IwueFzyHbxuvyXRDdevnY2m5rUpK0ShLGmoV84PYha B4YMW6o/WkLzk8pmU0YtdTAaU7RGKxhOt2DTfD/Ka/Dz+qgwFLkWh9t6jwTBpcrb iLUB8Ee8Arotw0CmQy/bAivobriz6EVvsiycBG3X+uubxa972PdyDwjs0z/8ZwKI pLrHjM9wtdiI/rxloUqlgzU9uqQcYrCs7Z1f5hmGMz+lip1EbwAnA9my3H5pxiyW DqCrZftRO0m+NdPBKYhYWdCuZrVoDbcL9tT0ipzSLq3eCgFm7ruJiKAocwUXlTIE BWWTdctPvs1pI108tG24AZPbdD6rTkmhKvLv8xGzfE4xb+E5el0VtEIntlF8iTdA sDRUILV2dxxSzxAj/XN8LHQU9BcIirpRFrmlEkQE174qDrRvOfVHpH+P8vCHLmCg j91sG2Oc870V/uA1Z6hxeIkCwVEbKWQzY6LIHj5KS6BLjFjJtAOpN71DYYMG2Krb
    JEM4vncefwQ=
    =vTfz
    -----END PGP SIGNATURE-----


    --==============E02698830048670257=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZsZgXgAKCRCb9qggYcy5 IfnBAQDisZwCdRhdTZX+Hzhg2s4xMtWuPepNYCzbKdK+UuJ47gEAwStgClVuBAf9 KqCdoOPobZMrIIPgv535LBph3yfvDwg=rY3N
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)