-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2024 10:13:59 +0000 Source: putty Binary: pterm pterm-dbgsym putty putty-dbgsym putty-tools putty-tools-dbgsym Architecture: amd64 Version: 0.74-1+deb11u2 Distribution: bullseye Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Bastien Roucariès Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-tools - command-line tools for SSH, SCP, and SFTP Changes: putty (0.74-1+deb11u2) bullseye; urgency=medium . * Non-maintainer upload. * Cherry-pick from upstream: - Refactor the ssh_hash vtable. - Add an extra HMAC constructor function. - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. Checksums-Sha1: 3820479247f6efb45d499c566ebadbb925a33d64 680224 pterm-dbgsym_0.74-1+deb11u2_amd64.deb e9625ee36109e83c4cc4de6f430b334732a04661 222836 pterm_0.74-1+deb11u2_amd64.deb e06f7dcf471e4a7ae518f21b2099c3c2bc143130 2250324 putty-dbgsym_0.74-1+deb11u2_amd64.deb 57e4d16e9652186894da2a0fe854ef2d211cdf6f 3886556 putty-tools-dbgsym_0.74-1+deb11u2_amd64.deb 3bc25a264303ccc4be52a6c598a1f83d90c09d74 445556 putty-tools_0.74-1+deb11u2_amd64.deb 4bf348fa3dc316e2fed2915b60d28b362d411df8 16124 putty_0.74-1+deb11u2_amd64-buildd.buildinfo 5f4dc6cee78974e6fa039fb0f3048a6b706e43ef 462096 putty_0.74-1+deb11u2_amd64.deb Checksums-Sha256: 86f70677757072c55e50a83c0e3eddc8b3ae94e9f9801cf9b061e668e53d6afd 680224 pterm-dbgsym_0.74-1+deb11u2_amd64.deb a37e038d1c9dbcf7c9ec505cf369fe903623ad13af7b95d1f874f086b51fd250 222836 pterm_0.74-1+deb11u2_amd64.deb 8d292bf28fb5a3590fe0a0d9c6bec631da7beb685ceff19582024fcf492dce48 2250324 putty-dbgsym_0.74-1+deb11u2_amd64.deb cce8969b8deaee2a2ca4be73be2de6dc9e9cc24e3a57261487e488462bfd91be 3886556 putty-tools-dbgsym_0.74-1+deb11u2_amd64.deb 994398c580d7944535bb8adae6d85106066bf9610508211ae30fc1617ca89c0e 445556 putty-tools_0.74-1+deb11u2_amd64.deb 975846a9fe63e4a64cf81f696a3673705e239e45554874fb2c0ea58fa7e90980 16124 putty_0.74-1+deb11u2_amd64-buildd.buildinfo d1e1ceed191a4eed9d86e98247752bc6fce748c3488bf81e54b84e43cf2061fc 462096 putty_0.74-1+deb11u2_amd64.deb Files: 9d07d6eba19e5ef01495595c5976cec5 680224 debug optional pterm-dbgsym_0.74-1+deb11u2_amd64.deb 53e4906801077bc6ba3d274ca54906f8 222836 x11 optional pterm_0.74-1+deb11u2_amd64.deb a37e1d2f4dd566f0adaf02931b46b621 2250324 debug optional putty-dbgsym_0.74-1+deb11u2_amd64.deb b138ce96a8de8bcfeab6349eb1e542df 3886556 debug optional putty-tools-dbgsym_0.74-1+deb11u2_amd64.deb 2170f4acd34f90e39fe4c024650d9335 445556 net optional putty-tools_0.74-1+deb11u2_amd64.deb b134fa369e805d99e110380ce9dd08b4 16124 net optional putty_0.74-1+deb11u2_amd64-buildd.buildinfo 05843dfc0382fcc5e1696ff0c8c64ba1 462096 net optional putty_0.74-1+deb11u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgdRoRGwEM09wlaMzOni7ZmUpKEcFAma4pz0ACgkQOni7ZmUp KEfysxAA097UMHzkK8df0nHuFod6SbW/38Pp2C8q2axBZw2fVQDWroURntfK7xd4 uYN/IUGDAWkNDWZE9//ZchwTd7s2bNQhNeLKNps43ATzUZi9ww1VbPoR2yFmn/1m IOLTHb+BJnjK5PCsT+X+8IcQJixl8ci1FhZGY5mh34jmx+aQoBxlGrd4y/jMPA41 PGCSZPA3Ev8GDv39n1WKFSoV2g1rEsMefvyy/xCfRr3OQnu8Wylbeu/7SWQR1WM9 7IBQARJKLoxuwIkDqGPYnfFjf7glcjEH1eLI34XMRW4DPjqLs22cgGBoW6nPKeJi qmlZB6qzUoq014ub8Jpxgw2G9GN+g8xb1uWBqdP+l/B8H24FmN1ntoTaB7nT61gd lZIft0zs/K7lZyy/6zsmVZROlXSF219Vn8rkt6xKUTtv+XJCWPzuS8cy3z4sIKSj CnMJcnDVmiDFB5EkIDFD+kV2oWaxHOf8fGuZ46Rl20KMyKuJSpo7FRJw5rPI8+7q nC7ASMx+3ynI+vlYlPnlnOKiM8XD6NGCCWE4ZIU325HZGCp+StZVL29j9s36ZRLX IqYgzqnTb/dsLLz0wsmi6Pu2OdZGPQxeJUPpgW6ErhGrb7p+kcmartj2iS39SFqL UYuGUi51/mHKXGQRNmN7j3ohvqRHbSeWs/KqvCNLEhGQuDB+1Vs= =Ltvi -----END PGP SIGNATURE-----