putty (0.78-2+deb12u2) bookworm; urgency=medium

  Previous PuTTY versions were affected by CVE-2024-31497, a critical
  vulnerability in the code that generates signatures from ECDSA private
  keys that use the NIST P521 curve.

  The effect of the vulnerability is to compromise the private key. An
  attacker in possession of a few dozen signed messages and the public
  key has enough information to deduce the private key, and then forge
  signatures as if they were made by the victim. This allows the attacker
  to (for instance) log in to any servers the victim uses that key for.
  To obtain these signatures, an attacker need only briefly compromise
  any server the victim uses the key to authenticate to.

  Therefore, if you have any NIST-P521 ECDSA key, we strongly recommend
  that you replace it with one created with a fixed version of PuTTY.
  Then, revoke the old public key and remove it from any machine where
  you use it to log in, so that a signature from the compromised key has
  no value any more.

  The only affected key type is 521-bit ECDSA. That is, a key that
  appears in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of
  the 'Key fingerprint' box, or is described as 'NIST p521', or has an id
  starting with ecdsa-sha2-nistp521 in the SSH protocol or the key file.
  Other sizes of ECDSA, and other key algorithms, are unaffected. In
  particular, Ed25519 is not affected.

 -- Bastien Roucariès Mon, 29 Apr 2024 16:55:15 +0000
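An added example, not part of this changelog entry or of PuTTY: one way to find keys carrying the ecdsa-sha2-nistp521 id described above in authorized_keys or .pub text and in PuTTY .ppk headers, so they can be replaced and removed. The function names and sample lines are assumptions constructed for illustration; a hit identifies the key type only, not whether the key was ever used with an affected PuTTY.

```python
import base64
import binascii

AFFECTED_ID = "ecdsa-sha2-nistp521"  # key id named in the advisory text

def blob_algorithm(token):
    """Return the algorithm name stored inside a base64 SSH public key blob."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    length = int.from_bytes(raw[:4], "big")   # uint32 length prefix
    name = raw[4:4 + length]
    if len(raw) < 4 or len(name) != length:
        return None
    return name.decode("ascii", errors="replace")

def find_p521_keys(text):
    """Return (line_number, kind) for every nistp521 key id found in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # PuTTY .ppk files name the key type on their header line.
        if line.startswith("PuTTY-User-Key-File-"):
            if line.split(":", 1)[-1].strip() == AFFECTED_ID:
                hits.append((number, "ppk"))
            continue
        # authorized_keys / .pub: options may precede the key, so test every
        # token and trust the type encoded in the blob over the text label.
        if any(blob_algorithm(tok) == AFFECTED_ID for tok in line.split()):
            hits.append((number, "openssh"))
    return hits

def sample_blob(key_id):
    """Constructed blob: real type prefix, zero bytes in place of a key."""
    name = key_id.encode()
    return base64.b64encode(len(name).to_bytes(4, "big") + name + bytes(32)).decode()

# Constructed sample input (no real keys): authorized_keys lines and a .ppk header.
SAMPLE = "\n".join([
    "# authorized_keys",
    'command="/usr/bin/backup",no-pty %s %s alice@laptop' % (AFFECTED_ID, sample_blob(AFFECTED_ID)),
    "ssh-ed25519 %s bob@desk" % sample_blob("ssh-ed25519"),
    "ecdsa-sha2-nistp256 %s carol@vm" % sample_blob("ecdsa-sha2-nistp256"),
    "PuTTY-User-Key-File-3: %s" % AFFECTED_ID,
])

if __name__ == "__main__":
    print(find_p521_keys(SAMPLE))
```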