-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2024 10:44:03 +0000 Source: putty Binary: pterm pterm-dbgsym putty putty-dbgsym putty-tools putty-tools-dbgsym Architecture: i386 Version: 0.78-2+deb12u2 Distribution: bookworm Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Bastien Roucariès Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-tools - command-line tools for SSH, SCP, and SFTP Changes: putty (0.78-2+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Cherry-pick from upstream: - Add an extra HMAC constructor function - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. * Run test/cryptsuite.py during build. Checksums-Sha1: 44f3333c2130c7b8b2a2ae9d7333e2cd7d6fd380 603248 pterm-dbgsym_0.78-2+deb12u2_i386.deb b8ec0f4a4c0421152d6241047c89ec886a17706e 246784 pterm_0.78-2+deb12u2_i386.deb 4cb6eeb379f9488d23651bf6280e055237979cad 2269256 putty-dbgsym_0.78-2+deb12u2_i386.deb b837a66a7e6ba2ac44a612ab7850fe2b57c232ca 4960032 putty-tools-dbgsym_0.78-2+deb12u2_i386.deb e2a9f6b3fd3e5014e4f89c7949ffcda01146bbcc 676752 putty-tools_0.78-2+deb12u2_i386.deb c89162eccf87dd270083f93fcf76becf831925d6 16436 putty_0.78-2+deb12u2_i386-buildd.buildinfo 91ed5258898bae0964c2e9ff13121496661af00e 593720 putty_0.78-2+deb12u2_i386.deb Checksums-Sha256: 6450d5312d7920308cd29cd0c4d9516508cd7ee7cb0742b0ecfe183af786b331 603248 pterm-dbgsym_0.78-2+deb12u2_i386.deb 4dac4088b5a333beb41b1ef14fda46c423232cdf51744e05122835b67b7c97a4 246784 pterm_0.78-2+deb12u2_i386.deb a3fe92ac8e035d975f175a73fdb544183e94eccd9fd40a9d4acc332d675d5883 2269256 putty-dbgsym_0.78-2+deb12u2_i386.deb c8a77943a3aac3f04a6cc02e41e680eb86c295defec9845f8a8b1cd415ee140f 4960032 putty-tools-dbgsym_0.78-2+deb12u2_i386.deb 937c0c7bcf3a9dfbf4fb50ba14df7ea5c76a093acf375fae11ac22993a9b1ac6 676752 putty-tools_0.78-2+deb12u2_i386.deb 118c93309148d564f4c02f599f491c3d584773a023ffa0c912c9600ce911f977 16436 putty_0.78-2+deb12u2_i386-buildd.buildinfo 91fe3847f64899e42804994762863ef60e4cfc0c63b540262b8fdfd906a6df1d 593720 putty_0.78-2+deb12u2_i386.deb Files: 6274386db4af0a876dc00e38117fda8c 603248 debug optional pterm-dbgsym_0.78-2+deb12u2_i386.deb d26cd731aea778c0776659f72e0411ae 246784 x11 optional pterm_0.78-2+deb12u2_i386.deb ca1ad73174d6acf110c2c0bb8b1d6b31 2269256 debug optional putty-dbgsym_0.78-2+deb12u2_i386.deb e2cd451507fa6f4936fa7893406f6b46 4960032 debug optional putty-tools-dbgsym_0.78-2+deb12u2_i386.deb 75c8e53390d9f52cf7e7808298b5810a 676752 net optional putty-tools_0.78-2+deb12u2_i386.deb 4139319b47a0fe7600364814374e98c0 16436 net optional putty_0.78-2+deb12u2_i386-buildd.buildinfo 791f5b13f2c693174d3f90623f048ddd 593720 net optional putty_0.78-2+deb12u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyTfXx8sBpQ0Lh3cUU9a0/LcaTpMFAmbGZpYACgkQU9a0/Lca TpNm1g/+LU004DMV0Sv4/GFO/QN5UgheW9BOI1BdQqTP1nINZSWnQ2TEguD09aBR yLm2i9bQYlQcVJywyHRPPyBg/+u+UtAZHzMkvvm5Z225cS0JX6svMofxbWY7jC9o vfeKLIcYsLXH0A/NkWveZygC1H4McD3ZruGpRjul0ksqKIdr6KBhx7IadvPvxxIp Hr4S0ALHta8L8tpaRrUOdjDa0Qiiqtm/fvYSF+Lgadx1SH54o4yTJgFd+LnY0g94 n8nsVQuz+ZAhHVPW39ic5/B6hbr3FJN1P2Opt6TBiXeSBSbL3xTm5LBpMKXscHMQ q+KV/vfTVLqpQEfnOTmezsCSloZpBn4aNf5nwYXY87SEs4CVRh9QWkY4HaGIQZww eeFUf62XSqT9xC/ByMcQVex5DRQ/yFb+8PTHwq1kAUQ6viTXD2iVPOmF9cyoQ6YK i4RxRsxwld1ZpkHxTQ+1xRBbw9QjbFmH9+HhxQi8EwDlMNI8Lfau35e36UC9qLgO u1A3qi4VRXOIHs2egXEwr8p1yBCHv62dQug2a34tBOB3vYU6lT1qIHdbh3KYKSr9 yS/gBubWbiPhXNsjWstOCwDK7tO8wQjnoXDrXcThj8vSHzJ0JgFn4pA46JTAKF7F 8jsh6KKI2L8Kl9qvXx/dUNogO4A9ovt3KZ5tjiicg5kVds2x33A= =64gY -----END PGP SIGNATURE-----