-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Jul 2024 10:44:03 +0000
Source: putty
Architecture: source
Version: 0.78-2+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 putty (0.78-2+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Cherry-pick from upstream:
     - Add an extra HMAC constructor function
     - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker
       to recover a user's NIST P-521 secret key via a quick attack in
       approximately 60 signatures. In other words, an adversary
       may already have enough signature information to compromise a victim's
       private key, even if there is no further use of vulnerable PuTTY
       versions.
   * Run test/cryptsuite.py during build.
Checksums-Sha1:
 66d4b247abd2bb056cc81f21630164ac5da50c4a 2455 putty_0.78-2+deb12u2.dsc
 aa986da546af967b9dc7619f6549c9e6bea9ccdb 56528 putty_0.78-2+deb12u2.debian.tar.xz
 f4b25503b46c1e7b96f03a37cc9cd0e29db1f75d 17049 putty_0.78-2+deb12u2_amd64.buildinfo
Checksums-Sha256:
 e589b49ae60a609fc52386dd77fb8d361068632d49700fba0d5b97fed35ca8d5 2455 putty_0.78-2+deb12u2.dsc
 114c028e708ab87c60d4bc7309710c53e124f89573b739ee5c4ce3398b9598e7 56528 putty_0.78-2+deb12u2.debian.tar.xz
 c3c838e8f8b48ec8fa64056b66d788c95a6df88d5abc34c8221c4ca8b4c43c6f 17049 putty_0.78-2+deb12u2_amd64.buildinfo
Files:
 bbf1c2bc92136a3318cf1782ddad6dc0 2455 net optional putty_0.78-2+deb12u2.dsc
 ee6888836cac4940134f66497ac41ce2 56528 net optional putty_0.78-2+deb12u2.debian.tar.xz
 46ad6ca22d8d5b8d3cb5d3cae81a7c6e 17049 net optional putty_0.78-2+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmbBAO8RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9/Hw/+KVhETjuCqaySZBMFcdBHXLaym986IG50
AbL+2hoDew0qCC2LUoPYJZH1rUGkOcPUvuANW+D3KY6RP22s3N0F1UfxyS9AIdcz
0pZVukzNDy+WPNL0luAt3t5l0r4Bl7PcDMhAf9PK7Gku/0xmvN394kCLOVhm1J0H
eUMsay+mlN5l2fwlcWG3W3IwueFzyHbxuvyXRDdevnY2m5rUpK0ShLGmoV84PYha
B4YMW6o/WkLzk8pmU0YtdTAaU7RGKxhOt2DTfD/Ka/Dz+qgwFLkWh9t6jwTBpcrb
iLUB8Ee8Arotw0CmQy/bAivobriz6EVvsiycBG3X+uubxa972PdyDwjs0z/8ZwKI
pLrHjM9wtdiI/rxloUqlgzU9uqQcYrCs7Z1f5hmGMz+lip1EbwAnA9my3H5pxiyW
DqCrZftRO0m+NdPBKYhYWdCuZrVoDbcL9tT0ipzSLq3eCgFm7ruJiKAocwUXlTIE
BWWTdctPvs1pI108tG24AZPbdD6rTkmhKvLv8xGzfE4xb+E5el0VtEIntlF8iTdA
sDRUILV2dxxSzxAj/XN8LHQU9BcIirpRFrmlEkQE174qDrRvOfVHpH+P8vCHLmCg
j91sG2Oc870V/uA1Z6hxeIkCwVEbKWQzY6LIHj5KS6BLjFjJtAOpN71DYYMG2Krb
JEM4vncefwQ=
=vTfz
-----END PGP SIGNATURE-----