Your message dated Sun, 21 Apr 2024 21:49:44 +0100
with message-id <8814b02ec05bd7b8f90a85b1785fd1bdb66134b9.ca...@kathenas.org>
and subject line Re: Bug#1069567: bookworm-pu: package
filezilla/3.63.0-1+deb12u4
has caused the Debian Bug report #1069567,
regarding bookworm-pu: package filezilla/3.63.0-1+deb12u4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1069567: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069567
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
Control: affects -1 + src:filezilla
User: release.debian....@packages.debian.org
Usertags: pu
[ Reason ]
Fix CVE-2024-31497.
[ Impact ]
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation
allows an attacker to recover a user's NIST P-521 secret key.
https://security-tracker.debian.org/tracker/CVE-2024-31497
[ Tests ]
Manual testing on own infrastructure.
[ Risks ]
The fix is a clean one and the regression risk is quite low.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Imported and backported the upstream patch that fixes CVE-2024-31497.
Regards
Phil
--
Homepage: https://kathenas.org
Instagram: https://instgram.com/kathenasorg
Support my Free/Open Source Software contribution...
Buy Me A Coffee: https://www.buymeacoffee.com/kathenasorg
filezilla_3.63.0-1+deb12u3_to_filezilla_3.63.0-1+deb12u4.debdiff
Description: Binary data
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Closing.
Needs further review and then re-submission.
Regards
Phil
On Sat, 2024-04-20 at 15:59 +0100, Phil Wyett wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> Control: affects -1 + src:filezilla
> User: release.debian....@packages.debian.org
> Usertags: pu
>
> [ Reason ]
> Fix CVE-2024-31497.
>
> [ Impact ]
> In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation
> allows an attacker to recover a user's NIST P-521 secret key.
>
> https://security-tracker.debian.org/tracker/CVE-2024-31497
>
> [ Tests ]
> Manual testing on own infrastructure.
>
> [ Risks ]
> The fix is a clean one and the regression risk is quite low.
>
> [ Checklist ]
> [x] *all* changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in stable
> [x] the issue is verified as fixed in unstable
>
> [ Changes ]
> Imported and backported the upstream patch that fixes CVE-2024-31497.
>
> Regards
>
> Phil
>
--
Homepage: https://kathenas.org
Instagram: https://instgram.com/kathenasorg
Support my Free/Open Source Software contribution...
Buy Me A Coffee: https://www.buymeacoffee.com/kathenasorg
signature.asc
Description: This is a digitally signed message part
--- End Message ---
