"Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.)"
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd80e49457a8d2ae823f8c1fd9329733cfdf7c6e commit bd80e49457a8d2ae823f8c1fd9329733cfdf7c6e Author: Matthew Smith <matthew@gentoo.org> AuthorDate: 2024-04-15 20:53:51 +0000 Commit: Matthew Smith <matthew@gentoo.org> CommitDate: 2024-04-15 20:54:06 +0000 net-misc/putty: add 0.81 Bug: https://bugs.gentoo.org/930082 Signed-off-by: Matthew Smith <matthew@gentoo.org> net-misc/putty/Manifest | 1 + net-misc/putty/putty-0.81.ebuild | 92 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4de767ddd30d85aac883649f2af1cf40546ccb46 commit 4de767ddd30d85aac883649f2af1cf40546ccb46 Author: Matthew Smith <matthew@gentoo.org> AuthorDate: 2024-04-18 07:27:16 +0000 Commit: Matthew Smith <matthew@gentoo.org> CommitDate: 2024-04-18 07:27:16 +0000 net-misc/putty: drop 0.81 (security cleanup) Bug: https://bugs.gentoo.org/930082 Signed-off-by: Matthew Smith <matthew@gentoo.org> net-misc/putty/Manifest | 1 - net-misc/putty/putty-0.81.ebuild | 92 ---------------------------------------- 2 files changed, 93 deletions(-)
... you dropped the wrong version!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7c3ef126895c8dd48ac1458c0ded96bd4b7bba4 commit d7c3ef126895c8dd48ac1458c0ded96bd4b7bba4 Author: Matthew Smith <matthew@gentoo.org> AuthorDate: 2024-04-18 16:41:35 +0000 Commit: Matthew Smith <matthew@gentoo.org> CommitDate: 2024-04-18 16:42:33 +0000 net-misc/putty: drop 0.80 (security cleanup) Drop the vulnerable version, not the new fixed version. Bug: https://bugs.gentoo.org/930082 Signed-off-by: Matthew Smith <matthew@gentoo.org> net-misc/putty/Manifest | 1 - net-misc/putty/putty-0.80.ebuild | 92 ---------------------------------------- 2 files changed, 93 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=ef4ede3580e51230138e8a4e2751362012d1cbe6 commit ef4ede3580e51230138e8a4e2751362012d1cbe6 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-05 06:43:24 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-07-05 06:43:58 +0000 [ GLSA 202407-11 ] PuTTY: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/920304 Bug: https://bugs.gentoo.org/930082 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202407-11.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+)
