Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted putty 0.74-1+deb11u1~deb10u2 (source) into oldoldstable
Date: Wed, 19 Jun 2024 22:10:19 +0000
Signed by: Bastien ROUCARIÈS <rouca@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Jun 2024 21:49:08 +0000
Source: putty
Architecture: source
Version: 0.74-1+deb11u1~deb10u2
Distribution: buster-security
Urgency: critical
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 putty (0.74-1+deb11u1~deb10u2) buster-security; urgency=critical
 .
   * LTS team upload
   * Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker
     to recover a user's NIST P-521 secret key via a quick attack in
     approximately 60 signatures. In other words, an adversary
     may already have enough signature information to compromise a victim's
     private key, even if there is no further use of vulnerable PuTTY
     versions.
Checksums-Sha1:
 157c2b648c73fe92e52a0b6d64262e26014195e2 2395 putty_0.74-1+deb11u1~deb10u2.dsc
 63ea869b7ca57866fbdb9d68858c168976b69e02 55784 putty_0.74-1+deb11u1~deb10u2.debian.tar.xz
 2e606157bb426619fa0c09a13507591bef56b4d6 17209 putty_0.74-1+deb11u1~deb10u2_amd64.buildinfo
Checksums-Sha256:
 9a5263cd5aed998e0ef42dd4f8c6fb8a7fc4b014558ca771c3de28f1709acd19 2395 putty_0.74-1+deb11u1~deb10u2.dsc
 2c408bebcab72de5e33c83cd81ceb21fe4a20470b95c5b15883b6e8289c4531d 55784 putty_0.74-1+deb11u1~deb10u2.debian.tar.xz
 47a861d0d981d03576675faead12c169cbc6491f5b01608c7c616151e9281bcf 17209 putty_0.74-1+deb11u1~deb10u2_amd64.buildinfo
Files:
 b90a9f34bb0d985f765b6b84fcb07442 2395 net optional putty_0.74-1+deb11u1~deb10u2.dsc
 a498b0118b552d6c793f335b8e86dd59 55784 net optional putty_0.74-1+deb11u1~deb10u2.debian.tar.xz
 6eef7d889d95dc4df97417e163ab9f9d 17209 net optional putty_0.74-1+deb11u1~deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZzU9wRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/iOA/9HJb3a100Ym2wgQd+WwpDKpZw6+cDj0Si
owF8Qrbnb1DrMROSpeoOtnOAFrnBgxakdQTJ3xr24TZbg4c4qa1DTts3gqzPiR54
iXgS4GvBZvuBZ/D8S1OuXH147DlXZI1AtfFx9kGkXakaOVgI3dKMVuK7vOt38TlS
3pfyAdkbbjT4IN7iJiiGHrvAAdkb+ma1YDLAV8ycpQx/8FW/chzOeO/xNbY1VHe5
3W/ur0FDmxgCUR9cPyuwjDaAxmxtlNNgpUuftcIdCuHMZPsM8yrlwanxAVgvBPAm
k0fYjtjfZW+KuMLuetROoqUfTznJdve2mVNY3zPQzTakfwoFW7NcHiXHKlODh8hu
Yn1rR3u4cfNtS9PVIbB0M8lQATptvjq79YkBHOjTqg5H0WRmRoozLLUNFO7yV9Kw
QwBjAooPyLom3/stfUetSZ7wm6xbCxFnpl/q44aJ7a9Muj/KbBkFjBMq3214nDV9
pI/PipU7FNdgNUOXRox/4Ve2j3c4p9B/2YNiHZsXgU2R76vWzPXzddhZ/8mlc80C
zbONEmxjhTvesoKlHVXx6ZxKDz6qDSSW0AlNo9s5jMabvW/k+ZGC5654h5HPBowU
aboswCplH/BGGuDhHMJXYzYF9QFlZmnuU4EKA4okpzdh6ARaWslE2V4cJEmDveRw
UeNZdrIuVco=
=q+7u
-----END PGP SIGNATURE-----

News for package putty