Package: release.debian.org
Severity: normal
Tags: bookworm
Control: affects -1 + src:filezilla
User: release.debian....@packages.debian.org
Usertags: pu

[ Reason ]
Fix CVE-2024-31497.

[ Impact ]
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key.
https://security-tracker.debian.org/tracker/CVE-2024-31497

[ Tests ]
Manual testing on own infrastructure.

[ Risks ]
The fix is a clean one and the regression risk is quite low.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Imported and backported the upstream patch that fixes CVE-2024-31497.

Regards

Phil

--
Homepage: https://kathenas.org
Instagram: https://instgram.com/kathenasorg
Support my Free/Open Source Software contribution...
Buy Me A Coffee: https://www.buymeacoffee.com/kathenasorg

filezilla_3.63.0-1+deb12u3_to_filezilla_3.63.0-1+deb12u4.debdiff
Description: Binary data