putty (0.74-1+deb11u1~deb10u2) buster-security; urgency=critical

   Previous putty versions were affected by CVE-2024-31497,
   a critical vulnerability in the code that generates signatures
   from ECDSA private keys that use the NIST P521 curve.
   The effect of the vulnerability is to compromise the private key.

   An attacker in possession of a few dozen signed messages and the public
   key has enough information to deduce the private key, and then forge
   signatures as if they were made by the victim. This allows the attacker
   to (for instance) log in to any servers the victim uses that key for.
   To obtain these signatures, an attacker need only briefly compromise
   any server the victim uses the key to authenticate to.

   Therefore, if you have any NIST-P521 ECDSA key, we strongly recommend
   that you replace it with a new key created with a fixed version of
   putty. Then revoke the old public key and remove it from every
   machine you use it to log in to, so that a signature
   from the compromised key has no value any more.

   The only affected key type is 521-bit ECDSA. That is, a key that appears
   in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of the
   'Key fingerprint' box, or is described as 'NIST p521', or has an id
   starting ecdsa-sha2-nistp521 in the SSH protocol or the key file.
   Other sizes of ECDSA, and other key algorithms, are unaffected.
   In particular, Ed25519 is not affected. 
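
   One way to find the keys described above, as an added example that is
   not part of the putty package or of PuTTY itself: the function name
   find_p521_keys is hypothetical and the sample keys are constructed.

```shell
#!/bin/sh
# Added example: list key entries whose type id starts with
# ecdsa-sha2-nistp521, the only key type this notice names as affected.
# Usage: find_p521_keys FILE...   (authorized_keys, *.pub or *.ppk files)
# Prints one "file:line:comment" record per match; returns 0 if any matched.
# find_p521_keys is a hypothetical helper name, not a putty or OpenSSH tool.

find_p521_keys() {
    awk '
        # PuTTY private key file: the key type follows the tag on line 1.
        FNR == 1 && /^PuTTY-User-Key-File-[0-9]+: ecdsa-sha2-nistp521/ {
            print FILENAME ":" FNR ":(PuTTY private key file)"
            found = 1
            next
        }
        /^[ \t]*(#|$)/ { next }    # skip comment and blank lines
        {
            # authorized_keys lines may carry options before the key type,
            # so accept the type in any field that a base64 blob follows.
            for (i = 1; i < NF; i++) {
                if ($i ~ /^ecdsa-sha2-nistp521/ && $(i + 1) ~ /^AAAA/) {
                    comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                    print FILENAME ":" FNR ":" comment
                    found = 1
                    break
                }
            }
        }
        END { exit !found }
    ' "$@"
}

# Constructed sample: truncated blobs, not real key material.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed authorized_keys sample
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA alice@laptop
from="192.0.2.10" ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjE bob@putty
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY carol@desk
EOF
find_p521_keys "$sample" || true    # reports line 3 only
rm -f "$sample"
```

   Run it over each account's authorized_keys file and over your .ppk
   files; every record it prints is a key to replace and revoke as
   described above.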
   
 -- Bastien Roucariès <rouca@debian.org>  Mon, 29 Apr 2024 16:55:15 +0000

