-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2024 10:44:03 +0000 Source: putty Architecture: source Version: 0.78-2+deb12u2 Distribution: bookworm Urgency: medium Maintainer: Colin Watson <cjwatson@debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Changes: putty (0.78-2+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Cherry-pick from upstream: - Add an extra HMAC constructor function - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. * Run test/cryptsuite.py during build. Checksums-Sha1: 66d4b247abd2bb056cc81f21630164ac5da50c4a 2455 putty_0.78-2+deb12u2.dsc aa986da546af967b9dc7619f6549c9e6bea9ccdb 56528 putty_0.78-2+deb12u2.debian.tar.xz f4b25503b46c1e7b96f03a37cc9cd0e29db1f75d 17049 putty_0.78-2+deb12u2_amd64.buildinfo Checksums-Sha256: e589b49ae60a609fc52386dd77fb8d361068632d49700fba0d5b97fed35ca8d5 2455 putty_0.78-2+deb12u2.dsc 114c028e708ab87c60d4bc7309710c53e124f89573b739ee5c4ce3398b9598e7 56528 putty_0.78-2+deb12u2.debian.tar.xz c3c838e8f8b48ec8fa64056b66d788c95a6df88d5abc34c8221c4ca8b4c43c6f 17049 putty_0.78-2+deb12u2_amd64.buildinfo Files: bbf1c2bc92136a3318cf1782ddad6dc0 2455 net optional putty_0.78-2+deb12u2.dsc ee6888836cac4940134f66497ac41ce2 56528 net optional putty_0.78-2+deb12u2.debian.tar.xz 46ad6ca22d8d5b8d3cb5d3cae81a7c6e 17049 net optional putty_0.78-2+deb12u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmbBAO8RHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF9/Hw/+KVhETjuCqaySZBMFcdBHXLaym986IG50 AbL+2hoDew0qCC2LUoPYJZH1rUGkOcPUvuANW+D3KY6RP22s3N0F1UfxyS9AIdcz 0pZVukzNDy+WPNL0luAt3t5l0r4Bl7PcDMhAf9PK7Gku/0xmvN394kCLOVhm1J0H eUMsay+mlN5l2fwlcWG3W3IwueFzyHbxuvyXRDdevnY2m5rUpK0ShLGmoV84PYha B4YMW6o/WkLzk8pmU0YtdTAaU7RGKxhOt2DTfD/Ka/Dz+qgwFLkWh9t6jwTBpcrb iLUB8Ee8Arotw0CmQy/bAivobriz6EVvsiycBG3X+uubxa972PdyDwjs0z/8ZwKI pLrHjM9wtdiI/rxloUqlgzU9uqQcYrCs7Z1f5hmGMz+lip1EbwAnA9my3H5pxiyW DqCrZftRO0m+NdPBKYhYWdCuZrVoDbcL9tT0ipzSLq3eCgFm7ruJiKAocwUXlTIE BWWTdctPvs1pI108tG24AZPbdD6rTkmhKvLv8xGzfE4xb+E5el0VtEIntlF8iTdA sDRUILV2dxxSzxAj/XN8LHQU9BcIirpRFrmlEkQE174qDrRvOfVHpH+P8vCHLmCg j91sG2Oc870V/uA1Z6hxeIkCwVEbKWQzY6LIHj5KS6BLjFjJtAOpN71DYYMG2Krb JEM4vncefwQ= =vTfz -----END PGP SIGNATURE-----