1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted putty 0.74-1+deb11u2 (source) into oldstable-proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sun Aug 11 13:40:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 16 Jul 2024 10:13:59 +0000
    Source: putty
    Architecture: source
    Version: 0.74-1+deb11u2
    Distribution: bullseye
    Urgency: medium
    Maintainer: Colin Watson <cjwatson@debian.org>
    Changed-By: Bastien Roucariès <rouca@debian.org>
    Changes:
    putty (0.74-1+deb11u2) bullseye; urgency=medium
    .
    * Non-maintainer upload.
    * Cherry-pick from upstream:
    - Refactor the ssh_hash vtable.
    - Add an extra HMAC constructor function.
    - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker
    to recover a user's NIST P-521 secret key via a quick attack in
    approximately 60 signatures. In other words, an adversary
    may already have enough signature information to compromise a victim's
    private key, even if there is no further use of vulnerable PuTTY
    versions.
    Checksums-Sha1:
    1b0091cd60ed9a4f1772ff521153b75dfa26f9f3 2369 putty_0.74-1+deb11u2.dsc
    17b160e9720f67f9af9399d7d185b913b81f18fe 2476513 putty_0.74.orig.tar.gz
    4cfc0b8fdbd3b9dd41d311e5bd484b13a472d87e 659 putty_0.74.orig.tar.gz.asc
    a47a6d52ddae0a0b5b224d03e3492368625c1e7d 52448 putty_0.74-1+deb11u2.debian.tar.xz
    5b741168f3bda0b4b5f82d4dd2b64cdab72b0fb9 16669 putty_0.74-1+deb11u2_amd64.buildinfo
    Checksums-Sha256:
    36e722ded872da89ae8d6d343e11a7f7e52f5b7f6184d9e4d79b46d6b591f24f 2369 putty_0.74-1+deb11u2.dsc
    ddd5d388e51dd9e6e294005b30037f6ae802239a44c9dc9808c779e6d11b847d 2476513 putty_0.74.orig.tar.gz
    923b0e49df555c07fbfef8f3d673c505f24f31879761c1568018457cb3f725d1 659 putty_0.74.orig.tar.gz.asc
    a42564998fff21180a8113a10c0d37bf9879ae8a2b1cbb88f716b2e51f6a97e7 52448 putty_0.74-1+deb11u2.debian.tar.xz
    c16958714141fb24291e307e1738d8745459860c335b300a4820e06c6c53582d 16669 putty_0.74-1+deb11u2_amd64.buildinfo
    Files:
    14a6bd6c6a9833efe91caf1a6fa48760 2369 net optional putty_0.74-1+deb11u2.dsc
    dbfa58f22a91b22b7489173e9dd09e30 2476513 net optional putty_0.74.orig.tar.gz
    8b441a70d5a1403dd20cf546914ab745 659 net optional putty_0.74.orig.tar.gz.asc
    6032200f2e395d2ea64fc9362247052e 52448 net optional putty_0.74-1+deb11u2.debian.tar.xz
    c7eacac945ced8b2707974042f628e31 16669 net optional putty_0.74-1+deb11u2_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAma4fWwRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF+gNA//aBw1Vfqfc3Kg8Sa6IT6ODz2egB0Ms1O2 S/oky6GQUv30wGRL7dcFNpCn1xvFVWYe7N0tSyO/H5dYVlRvOndPT0PwCziQq4Oo jxadXy7LKYZ4qB8gUUke1dX6P/59bhEH8ZDQJUn1kK/BpBW+OlTD7B8N6kAi94Yf CfdwaEQCX882MjVyBq08gFHdPng/ZqJwO0yffnk9hfcXvWKlhctyHS7y8t7nLkpS 0bDbtZJSmqjuVXFbgfooDELEnTRVIkpQUyJtDp/cfbnZmK2N4jLIyIs9GyeMgKuN dunCy1XlPN47Fvg70XAWcGyNXxbjxVqew/DSZhkv9I00ktQ8xDIWVttdG+umB7w1 hoDOONYwnj+sigpMCzTKomwopGoHsIGzg03c8HLKEOqNB2gkzxWLF+hEsSEDqw4C 9PP6qql4NyABPm0zmXcTDIwYfvcLfsXOaxeNEw4Hw6OmJCnbkANYvhQepdG0YZVp G+G+s0fBigIZczJZEviIay2uej35QnkaHkYNN1DScSakSfXFTPHlRPINsee3f2uK lHjXYKcuZFdgAvuvzJImqqy/fsiUaFC5NA2PrdL+i79w1iTNNNV/jNVFpfdXU3m7 B7eAQmMESylob3Vexi8Y7NpxVTSLXXA95tYbxXlb8xsNcmcIhK+SPWsC6lgPoMGN
    WkEgu977TcQ=
    =tPnh
    -----END PGP SIGNATURE-----


    --==============ç57477255242919488=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZrihTQAKCRCb9qggYcy5 IZ1GAQCXDuGB0af2U3BkfNacapejun4Gx8ZUGR0abzEelrICtQEA4R4D+fWbfF0a SNWj5wg6ooRAAlXVwHVb8EHT7vHonQ4=kuzd
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)