Your message dated Sun, 21 Apr 2024 21:49:44 +0100 with message-id <8814b02ec05bd7b8f90a85b1785fd1bdb66134b9.ca...@kathenas.org> and subject line Re: Bug#1069567: bookworm-pu: package filezilla/3.63.0-1+deb12u4 has caused the Debian Bug report #1069567, regarding bookworm-pu: package filezilla/3.63.0-1+deb12u4 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069567: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069567 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal Tags: bookworm Control: affects -1 + src:filezilla User: release.debian....@packages.debian.org Usertags: pu [ Reason ] Fix CVE-2024-31497. [ Impact ] In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key. https://security-tracker.debian.org/tracker/CVE-2024-31497 [ Tests ] Manual testing on own infrastructure. [ Risks ] The fix is a clean one and the regression risk is quite low. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] Imported and backported the upstream patch that fixes CVE-2024-31497. Regards Phil -- Homepage: https://kathenas.org Instagram: https://instgram.com/kathenasorg Support my Free/Open Source Software contribution... Buy Me A Coffee: https://www.buymeacoffee.com/kathenasorgfilezilla_3.63.0-1+deb12u3_to_filezilla_3.63.0-1+deb12u4.debdiff
Description: Binary datasignature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---Closing. Needs further review and then re-submission. Regards Phil On Sat, 2024-04-20 at 15:59 +0100, Phil Wyett wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > Control: affects -1 + src:filezilla > User: release.debian....@packages.debian.org > Usertags: pu > > [ Reason ] > Fix CVE-2024-31497. > > [ Impact ] > In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation > allows an attacker to recover a user's NIST P-521 secret key. > > https://security-tracker.debian.org/tracker/CVE-2024-31497 > > [ Tests ] > Manual testing on own infrastructure. > > [ Risks ] > The fix is a clean one and the regression risk is quite low. > > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in stable > [x] the issue is verified as fixed in unstable > > [ Changes ] > Imported and backported the upstream patch that fixes CVE-2024-31497. > > Regards > > Phil > -- Homepage: https://kathenas.org Instagram: https://instgram.com/kathenasorg Support my Free/Open Source Software contribution... Buy Me A Coffee: https://www.buymeacoffee.com/kathenasorgsignature.asc
Description: This is a digitally signed message part
--- End Message ---