-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2024 10:44:03 +0000 Source: putty Binary: pterm pterm-dbgsym putty putty-dbgsym putty-tools putty-tools-dbgsym Architecture: arm64 Version: 0.78-2+deb12u2 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Bastien Roucariès Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-tools - command-line tools for SSH, SCP, and SFTP Changes: putty (0.78-2+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Cherry-pick from upstream: - Add an extra HMAC constructor function - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. * Run test/cryptsuite.py during build. Checksums-Sha1: b8508db7d22738bd1fc5d57d105d012b5a8cea6e 693836 pterm-dbgsym_0.78-2+deb12u2_arm64.deb de7f5fcfd0ed016dfb6c11ef816bcc31726023e6 211344 pterm_0.78-2+deb12u2_arm64.deb 31252ab9bbbd492b049c48dea45353e050bb467d 2520900 putty-dbgsym_0.78-2+deb12u2_arm64.deb c3e2e1f30c9ebc09a26bf3032505959ba9b27221 5466696 putty-tools-dbgsym_0.78-2+deb12u2_arm64.deb bc61d465b8a5b0628e72bae80b107c3d19adb3ab 585712 putty-tools_0.78-2+deb12u2_arm64.deb 3ffee93f9182c73de5878ad90aada9db10874e85 16431 putty_0.78-2+deb12u2_arm64-buildd.buildinfo 557dcc9c06d80787158c0da0180642592feb1ebe 499756 putty_0.78-2+deb12u2_arm64.deb Checksums-Sha256: 3dba7cb32893d95ce9013e2dfea15a63a11d7a7fed8e2d748aaa2e9fcc1a2b91 693836 pterm-dbgsym_0.78-2+deb12u2_arm64.deb 5f38afd528f6d79451e05f6979aeffdee31b2bfa4f4ac13356300fafb878d425 211344 pterm_0.78-2+deb12u2_arm64.deb fee8c688e8a28890b27d1837e0b29b4abf63f92b41c36d4ed2b17e795eab05b9 2520900 putty-dbgsym_0.78-2+deb12u2_arm64.deb 0dacd0c204d0e6c5e9627cba55ea0022d7f44e8b9fb15535f34a7155fa8127b3 5466696 putty-tools-dbgsym_0.78-2+deb12u2_arm64.deb cfe2b686d2b6ad11c14d592288df4522a3b98ed95b0583d7118cb93b68fc57a0 585712 putty-tools_0.78-2+deb12u2_arm64.deb 383cf149bde0997c3bb6dc4f8718fd2cec98367305a969428a048f0b30eefe33 16431 putty_0.78-2+deb12u2_arm64-buildd.buildinfo a413956a62f719a45bcbde730488a6db4a7e5d34f36fb4489df697fb9e9539c5 499756 putty_0.78-2+deb12u2_arm64.deb Files: 473d68feb547a5a77909b86b95c5497e 693836 debug optional pterm-dbgsym_0.78-2+deb12u2_arm64.deb 604596077e0f81a94bbf04d856121c13 211344 x11 optional pterm_0.78-2+deb12u2_arm64.deb 50e3ead1b4db53cc7ac4a36104fc97b1 2520900 debug optional putty-dbgsym_0.78-2+deb12u2_arm64.deb 1359bf2092e03da8d67fdd3fe1cb4907 5466696 debug optional putty-tools-dbgsym_0.78-2+deb12u2_arm64.deb fafcc934b995d392e00245120ce872db 585712 net optional putty-tools_0.78-2+deb12u2_arm64.deb 994d6ef9edcfd4f4cadef7e01727649e 16431 net optional putty_0.78-2+deb12u2_arm64-buildd.buildinfo d68face89e09f62af368bb82463e37bd 499756 net optional putty_0.78-2+deb12u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9C4sZYDxwNo9XoUDaRWK3AIe28EFAmbGZlcACgkQaRWK3AIe 28HWIRAAlGvxDLrSAFpXGRiBQH0AyoloH0XWkT+NoLUmNb2NhD7TAAKMrfHsYyAd +wZHZluI3Sae6FGB5gEr1NHUYJciLf3BhORPGTeSCBgRrmVKsGm3F8HvJVV3EYaG R6sheQoB6u7aMrZ7zTBr3K1IDkBFPMWeanvgblj4sWxaBvZn3Q8bSXEsdwOfIrYx 1SSIYzZCAmF4kdsdEKsrufBU+wOp8VFynNm8lJacR9Me3N+lwF0bslHjk7kBXsGE ZTnfXN2W2phQlc7S32tMKvloI5KlMsal1JaAKVOjp0lowz0g47IoHwm+ifYF8QOC b36oSkjFxBzI8kv0Fv+/v1oFFe82cXYdlrP4DI22h09x1voCJyXPhBKBDyCHqcuw DSxzlr3ADjQabwsOw+Kp17oIV1uuO66JxjPUuhUv1QV6C5uN4ZvxPSid6Dh9kDS6 QO4utJwSAFOFZZO9LThmYF8ExvTU16ZALJYJJ+YlZbvAMkPH8IfLb3FVnbBAwq0O ZyXEIS1L1VPyq9/V5p/puAxUogubC8Jb03wLC5B3MhCCJ/5TGr+Nd5hynur/H61s RVT10xcAsLeg4ECQ5UbqAvyvtIeUH1SU4qcVUdVzd9hjJ70ehWIzr+tZ2W/MisRg JxbVzZhveUph2EHtxxFoTcfve4y2DfQwy++IxY2gl98W7dA62IY= =3MuQ -----END PGP SIGNATURE-----