Accepted putty 0.74-1+deb11u2 (source) into oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted putty 0.74-1+deb11u2 (source) into oldstable-proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 11 Aug 2024 11:32:29 +0000
Message-id: <[🔎] E1sd6oH-00FuFT-Kv@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Jul 2024 10:13:59 +0000
Source: putty
Architecture: source
Version: 0.74-1+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 putty (0.74-1+deb11u2) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Cherry-pick from upstream:
     - Refactor the ssh_hash vtable.
     - Add an extra HMAC constructor function.
     - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker
       to recover a user's NIST P-521 secret key via a quick attack in
       approximately 60 signatures. In other words, an adversary
       may already have enough signature information to compromise a victim's
       private key, even if there is no further use of vulnerable PuTTY
       versions.
Checksums-Sha1:
 1b0091cd60ed9a4f1772ff521153b75dfa26f9f3 2369 putty_0.74-1+deb11u2.dsc
 17b160e9720f67f9af9399d7d185b913b81f18fe 2476513 putty_0.74.orig.tar.gz
 4cfc0b8fdbd3b9dd41d311e5bd484b13a472d87e 659 putty_0.74.orig.tar.gz.asc
 a47a6d52ddae0a0b5b224d03e3492368625c1e7d 52448 putty_0.74-1+deb11u2.debian.tar.xz
 5b741168f3bda0b4b5f82d4dd2b64cdab72b0fb9 16669 putty_0.74-1+deb11u2_amd64.buildinfo
Checksums-Sha256:
 36e722ded872da89ae8d6d343e11a7f7e52f5b7f6184d9e4d79b46d6b591f24f 2369 putty_0.74-1+deb11u2.dsc
 ddd5d388e51dd9e6e294005b30037f6ae802239a44c9dc9808c779e6d11b847d 2476513 putty_0.74.orig.tar.gz
 923b0e49df555c07fbfef8f3d673c505f24f31879761c1568018457cb3f725d1 659 putty_0.74.orig.tar.gz.asc
 a42564998fff21180a8113a10c0d37bf9879ae8a2b1cbb88f716b2e51f6a97e7 52448 putty_0.74-1+deb11u2.debian.tar.xz
 c16958714141fb24291e307e1738d8745459860c335b300a4820e06c6c53582d 16669 putty_0.74-1+deb11u2_amd64.buildinfo
Files:
 14a6bd6c6a9833efe91caf1a6fa48760 2369 net optional putty_0.74-1+deb11u2.dsc
 dbfa58f22a91b22b7489173e9dd09e30 2476513 net optional putty_0.74.orig.tar.gz
 8b441a70d5a1403dd20cf546914ab745 659 net optional putty_0.74.orig.tar.gz.asc
 6032200f2e395d2ea64fc9362247052e 52448 net optional putty_0.74-1+deb11u2.debian.tar.xz
 c7eacac945ced8b2707974042f628e31 16669 net optional putty_0.74-1+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAma4fWwRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+gNA//aBw1Vfqfc3Kg8Sa6IT6ODz2egB0Ms1O2
S/oky6GQUv30wGRL7dcFNpCn1xvFVWYe7N0tSyO/H5dYVlRvOndPT0PwCziQq4Oo
jxadXy7LKYZ4qB8gUUke1dX6P/59bhEH8ZDQJUn1kK/BpBW+OlTD7B8N6kAi94Yf
CfdwaEQCX882MjVyBq08gFHdPng/ZqJwO0yffnk9hfcXvWKlhctyHS7y8t7nLkpS
0bDbtZJSmqjuVXFbgfooDELEnTRVIkpQUyJtDp/cfbnZmK2N4jLIyIs9GyeMgKuN
dunCy1XlPN47Fvg70XAWcGyNXxbjxVqew/DSZhkv9I00ktQ8xDIWVttdG+umB7w1
hoDOONYwnj+sigpMCzTKomwopGoHsIGzg03c8HLKEOqNB2gkzxWLF+hEsSEDqw4C
9PP6qql4NyABPm0zmXcTDIwYfvcLfsXOaxeNEw4Hw6OmJCnbkANYvhQepdG0YZVp
G+G+s0fBigIZczJZEviIay2uej35QnkaHkYNN1DScSakSfXFTPHlRPINsee3f2uK
lHjXYKcuZFdgAvuvzJImqqy/fsiUaFC5NA2PrdL+i79w1iTNNNV/jNVFpfdXU3m7
B7eAQmMESylob3Vexi8Y7NpxVTSLXXA95tYbxXlb8xsNcmcIhK+SPWsC6lgPoMGN
WkEgu977TcQ=
=tPnh
-----END PGP SIGNATURE-----

Attachment: pgpuXqClQEVk7.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted poe.app 0.5.1-6+deb11u1 (source) into oldstable-proposed-updates
Next by Date: Accepted postgresql-15 15.8-0+deb12u1 (source) into proposed-updates
Previous by thread: Accepted poe.app 0.5.1-6+deb11u1 (source) into oldstable-proposed-updates
Next by thread: Accepted postgresql-15 15.8-0+deb12u1 (source) into proposed-updates
Index(es):
- Date
- Thread