-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2024 10:13:59 +0000 Source: putty Binary: pterm pterm-dbgsym putty putty-dbgsym putty-tools putty-tools-dbgsym Architecture: i386 Version: 0.74-1+deb11u2 Distribution: bullseye Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Bastien Roucariès Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-tools - command-line tools for SSH, SCP, and SFTP Changes: putty (0.74-1+deb11u2) bullseye; urgency=medium . * Non-maintainer upload. * Cherry-pick from upstream: - Refactor the ssh_hash vtable. - Add an extra HMAC constructor function. - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. Checksums-Sha1: e6caa5d20a91f61e0e0f255c8071caa6ea249e4c 584744 pterm-dbgsym_0.74-1+deb11u2_i386.deb d18c1c1fd2077b7f435c6a4e78d4879d9de5efb7 239360 pterm_0.74-1+deb11u2_i386.deb d1a83ffae7b8608a26ee648cbccad0117b15d69d 1964844 putty-dbgsym_0.74-1+deb11u2_i386.deb 499af55b3a6c1398b74bc79498c9fbae971e86e0 3430020 putty-tools-dbgsym_0.74-1+deb11u2_i386.deb 16115704a850121b721ff800526f63561ce73d3b 488756 putty-tools_0.74-1+deb11u2_i386.deb 955e044c8b0c2e3523988ec0eff5eff04cb47f71 16051 putty_0.74-1+deb11u2_i386-buildd.buildinfo 5706bf9a4506fe128253a2e7c9c78dfb160c4abf 508536 putty_0.74-1+deb11u2_i386.deb Checksums-Sha256: a5d5a2da4305b8de355a708ce85da1442692f98b2750c44a1cb072c13568d36f 584744 pterm-dbgsym_0.74-1+deb11u2_i386.deb 9fc5d80170202d28ac67046bbcad114b5e37f27a3e8de57ad7c6c6fda8de1792 239360 pterm_0.74-1+deb11u2_i386.deb 96958ef2a64c89daef8ab3605f76942c1dccf72ecaf319197164d2f6f7ab986d 1964844 putty-dbgsym_0.74-1+deb11u2_i386.deb d9afa749bebdebea59b919b3ef7c132dae1a4e7ffc7e616b8864dc0c83ac234f 3430020 putty-tools-dbgsym_0.74-1+deb11u2_i386.deb 224a7537e970682cb9d47cd604a248793c1c19fda85308c5124dbf8068e47fd1 488756 putty-tools_0.74-1+deb11u2_i386.deb 305cf27bde8715a57488a5a5d625693e9c4d6eac52ca1d52c5fb5a6d78ad9fba 16051 putty_0.74-1+deb11u2_i386-buildd.buildinfo ea974f849662fad1db0c9fe0e3675457034fb1ca7df05ff9333ffc26bd0ef37e 508536 putty_0.74-1+deb11u2_i386.deb Files: c4a43021de0ea4b0c8e4da7be9881f04 584744 debug optional pterm-dbgsym_0.74-1+deb11u2_i386.deb 73a95fe8365351ee10fdb4fdc8d9c130 239360 x11 optional pterm_0.74-1+deb11u2_i386.deb e1357fbb1b61e96caddeb8b1fcad062a 1964844 debug optional putty-dbgsym_0.74-1+deb11u2_i386.deb aa595d01bab13ceded44d375dcc907e3 3430020 debug optional putty-tools-dbgsym_0.74-1+deb11u2_i386.deb b94806ae8ab5535350b5ba8a296c42e3 488756 net optional putty-tools_0.74-1+deb11u2_i386.deb 762085f9d42a157d59668bf876d8a76d 16051 net optional putty_0.74-1+deb11u2_i386-buildd.buildinfo 31f9ea188973d373c9d50bddb57c1fb2 508536 net optional putty_0.74-1+deb11u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGBeuno8wiDXCewDuqqLQG5ksqMMFAma4p5AACgkQqqLQG5ks qMMaXw/+O6porMwww72LjWHi8uEG6nlxZRykEq4nIwQiB7BOyBKF6afgGhKOFprq nzFIK6NQh3QUNpUwtAhYIR8i7NifuFJmnjI4hLsJ5dsSOpihRPk8VP001ACQUtv8 gzx7fUi0lhl3ttUlm/1P8ZRSxx4BQdB8o2YRZ8qqH6je5caUFo72hCM4oBHQV5cU yS6p9ulx1WL9cRW0tUTbl7Nuq5GFk6UdqGVYuP/gdp38dwe9q4S6QmnRAmkkfiw7 bLDZiIOU554Vk6eP38ACJjUuRU8+zxj5szVTYE5khPPMO/sClQVZdK3UjVqt4qpz lN7O5N3fK5RSTmXhGzhNbmUmEDrksM4uImN6v5eKDe63clxAR/9uj8w/iBv/VBEI o+Af3SnAE5b5jyEN5elnyDe3gKiOtMleHI4Wfvk1OkJQJ1FG0XE8zSLMu3C5pV8V wLRk0kbgKbPUahZhTkN3+Kfh8RCVDimM+bp/H5GvwzsjVYcRG/87pqp3VNR4REkv MOHiEjP6sxJF0zUKfkYBEFEw7RUaXrAYFH0qz1sZa45xW9vaqXd3NeVxneUosjgp 67qn6h4t4yxdAiRgy2a+3zRhKIxINzJ0AIzKJS41niqud+u7RutHd2UA9e/QWZCN ctxzyfhBva899ITe8mH4lx1gaf4moRZCyyK7oalKn84Db8Z/UXo= =uQk7 -----END PGP SIGNATURE-----