-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2024 10:13:59 +0000 Source: putty Architecture: source Version: 0.74-1+deb11u2 Distribution: bullseye Urgency: medium Maintainer: Colin Watson <cjwatson@debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Changes: putty (0.74-1+deb11u2) bullseye; urgency=medium . * Non-maintainer upload. * Cherry-pick from upstream: - Refactor the ssh_hash vtable. - Add an extra HMAC constructor function. - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. Checksums-Sha1: 1b0091cd60ed9a4f1772ff521153b75dfa26f9f3 2369 putty_0.74-1+deb11u2.dsc 17b160e9720f67f9af9399d7d185b913b81f18fe 2476513 putty_0.74.orig.tar.gz 4cfc0b8fdbd3b9dd41d311e5bd484b13a472d87e 659 putty_0.74.orig.tar.gz.asc a47a6d52ddae0a0b5b224d03e3492368625c1e7d 52448 putty_0.74-1+deb11u2.debian.tar.xz 5b741168f3bda0b4b5f82d4dd2b64cdab72b0fb9 16669 putty_0.74-1+deb11u2_amd64.buildinfo Checksums-Sha256: 36e722ded872da89ae8d6d343e11a7f7e52f5b7f6184d9e4d79b46d6b591f24f 2369 putty_0.74-1+deb11u2.dsc ddd5d388e51dd9e6e294005b30037f6ae802239a44c9dc9808c779e6d11b847d 2476513 putty_0.74.orig.tar.gz 923b0e49df555c07fbfef8f3d673c505f24f31879761c1568018457cb3f725d1 659 putty_0.74.orig.tar.gz.asc a42564998fff21180a8113a10c0d37bf9879ae8a2b1cbb88f716b2e51f6a97e7 52448 putty_0.74-1+deb11u2.debian.tar.xz c16958714141fb24291e307e1738d8745459860c335b300a4820e06c6c53582d 16669 putty_0.74-1+deb11u2_amd64.buildinfo Files: 14a6bd6c6a9833efe91caf1a6fa48760 2369 net optional putty_0.74-1+deb11u2.dsc dbfa58f22a91b22b7489173e9dd09e30 2476513 net optional putty_0.74.orig.tar.gz 8b441a70d5a1403dd20cf546914ab745 659 net optional putty_0.74.orig.tar.gz.asc 6032200f2e395d2ea64fc9362247052e 52448 net optional putty_0.74-1+deb11u2.debian.tar.xz c7eacac945ced8b2707974042f628e31 16669 net optional putty_0.74-1+deb11u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAma4fWwRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF+gNA//aBw1Vfqfc3Kg8Sa6IT6ODz2egB0Ms1O2 S/oky6GQUv30wGRL7dcFNpCn1xvFVWYe7N0tSyO/H5dYVlRvOndPT0PwCziQq4Oo jxadXy7LKYZ4qB8gUUke1dX6P/59bhEH8ZDQJUn1kK/BpBW+OlTD7B8N6kAi94Yf CfdwaEQCX882MjVyBq08gFHdPng/ZqJwO0yffnk9hfcXvWKlhctyHS7y8t7nLkpS 0bDbtZJSmqjuVXFbgfooDELEnTRVIkpQUyJtDp/cfbnZmK2N4jLIyIs9GyeMgKuN dunCy1XlPN47Fvg70XAWcGyNXxbjxVqew/DSZhkv9I00ktQ8xDIWVttdG+umB7w1 hoDOONYwnj+sigpMCzTKomwopGoHsIGzg03c8HLKEOqNB2gkzxWLF+hEsSEDqw4C 9PP6qql4NyABPm0zmXcTDIwYfvcLfsXOaxeNEw4Hw6OmJCnbkANYvhQepdG0YZVp G+G+s0fBigIZczJZEviIay2uej35QnkaHkYNN1DScSakSfXFTPHlRPINsee3f2uK lHjXYKcuZFdgAvuvzJImqqy/fsiUaFC5NA2PrdL+i79w1iTNNNV/jNVFpfdXU3m7 B7eAQmMESylob3Vexi8Y7NpxVTSLXXA95tYbxXlb8xsNcmcIhK+SPWsC6lgPoMGN WkEgu977TcQ= =tPnh -----END PGP SIGNATURE-----