-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2024 10:44:03 +0000 Source: putty Binary: pterm pterm-dbgsym putty putty-dbgsym putty-tools putty-tools-dbgsym Architecture: amd64 Version: 0.78-2+deb12u2 Distribution: bookworm Urgency: medium Maintainer: amd64 Build Daemon (x86-grnet-03) Changed-By: Bastien Roucariès Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-tools - command-line tools for SSH, SCP, and SFTP Changes: putty (0.78-2+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Cherry-pick from upstream: - Add an extra HMAC constructor function - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. * Run test/cryptsuite.py during build. Checksums-Sha1: 7cd3e7bb11037a76b070c5e377f7b54c765a34c8 699648 pterm-dbgsym_0.78-2+deb12u2_amd64.deb a7604ab433697ff2e74ec8385caba0b80328b509 229800 pterm_0.78-2+deb12u2_amd64.deb 1366a17f342f65480462b9ac4ef8bf2be23698f6 2535584 putty-dbgsym_0.78-2+deb12u2_amd64.deb d08627a24880a7964f6d06d45474dd35b0c8da32 5522100 putty-tools-dbgsym_0.78-2+deb12u2_amd64.deb 3fe209b79af63fc16b9d8ecf643257e3ad1bd7ba 611236 putty-tools_0.78-2+deb12u2_amd64.deb 7e42bd2423edfdbe1b33b2b9233ab102d5884fe2 16492 putty_0.78-2+deb12u2_amd64-buildd.buildinfo 5a1ed337036cdb5a9f17a5c69bfb652b179f2482 536876 putty_0.78-2+deb12u2_amd64.deb Checksums-Sha256: e49884e33e4ecbc166915d7a61927e3bcd09282e5cba516f98f9c3da4517b136 699648 pterm-dbgsym_0.78-2+deb12u2_amd64.deb 63f62d7cf03e8118e846456a7264df534db51b1580780e04153fe7174ec8e21b 229800 pterm_0.78-2+deb12u2_amd64.deb d11cb9937f8236777994eee6990bf38d1ac07479b75e215094dad1c9c51b56df 2535584 putty-dbgsym_0.78-2+deb12u2_amd64.deb 8adfb9eb199c5c8b42dc79385090e03e10519ccc07d4376b61a068e50604f13e 5522100 putty-tools-dbgsym_0.78-2+deb12u2_amd64.deb adee2cbd2576dafc01bf9e380bc0e2b772713255011ed8eabe2493021e581b4d 611236 putty-tools_0.78-2+deb12u2_amd64.deb 69b6ab031e75c114593172efeb29f47791923ef1639eba9d71b13f00c95077a3 16492 putty_0.78-2+deb12u2_amd64-buildd.buildinfo 800901000bcb7459530d6824f94c8e05ccea4289978200d4daef4c0c2e4aa71e 536876 putty_0.78-2+deb12u2_amd64.deb Files: e2619c91ebe40520b5b98ea9e7de7066 699648 debug optional pterm-dbgsym_0.78-2+deb12u2_amd64.deb 3c55d62106db1a5789104f04a062ab6f 229800 x11 optional pterm_0.78-2+deb12u2_amd64.deb e77c1d701d8b44be6d5c35e8960ba863 2535584 debug optional putty-dbgsym_0.78-2+deb12u2_amd64.deb 3b28b045c897d0511ce911f30963bb69 5522100 debug optional putty-tools-dbgsym_0.78-2+deb12u2_amd64.deb 9ab98635023a3cbc97bbb245b007c6bb 611236 net optional putty-tools_0.78-2+deb12u2_amd64.deb 7fe3672221af2e10280044dfed5ccdb8 16492 net optional putty_0.78-2+deb12u2_amd64-buildd.buildinfo 29113b93f15cf36743336dc4490ea71a 536876 net optional putty_0.78-2+deb12u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmbGZnYACgkQgDm7h4zf CpK9Aw//WMkshsQTpTyES+jX2OBF8LJ5NSxZZmrTjOzN2KDbStmg1CWjWXlYMc15 stsBVqbTtcnvoReOdaXGpC7IpxOi9nUgaKoVaUW+LjYRQf34pvc+2GaUTQ4x0HwP acJ+EWYG5MCaTTQ7uD26fVfjByNDOvMouD1cq2LoyoKLp2BQgWi82iySivduluMj HiXRRnIy3bTDgB/4DOTQlFfIl3HhB7mgU072Q+y0jx4SagKOeHMI8P0zWGSB+hfj SnUvdHMdWTtvZLhcaU+4Wxxcd0FSr8Ntfn5qBq6pV1yEk+eVwvTKI5E/awTs3MUK bXlkF9yD3SJGoFyBGVSwcH37Qx2Ur+OVmi1Nmxwt6N1GJu6z/h3bziIR9OvpQt3/ uxVdHZuQFmrDuNVcvPYOISmywqQaT+cRmVgteZbfLMQab+eIGvQx2Uf9rFMj4o38 sLFl9rR7yORF5WZaM48h9NhLVuIIrR/F5CaKur2ZAENuYvSgS9ERurypC6MTWWHq FsoUwSk/cTdol1XtXX786bT5EawIgQA57MLMx9v+W00O0/3eb/wpY95/pXFfXTBl nZmwtcvKRuvS7K88eZR4EdwF+pZX1/L17GTbVEdc5AunkIejaRl7bljX9TZBpoCM fISIcXADA2ZHoD8nxDYLMvf9/eL4h21A95Q8EbcVtHQD4HnE7EM= =Vu8N -----END PGP SIGNATURE-----