kumquat-buildroot/package/putty/putty.hash
Fabrice Fontaine 70455e092e package/putty: security bump to version 0.81
The only change between 0.80 and 0.81 is one security fix:

 - ECDSA signatures using 521-bit keys (the NIST P521 curve, otherwise
   known as ecdsa-sha2-nistp521) were generated with biased random
   numbers. This permits an attacker in possession of a few dozen
   signatures to RECOVER THE PRIVATE KEY.

   Any 521-bit ECDSA private key that PuTTY or Pageant has used to
   sign anything should be considered compromised.

   This vulnerability has the identifier CVE-2024-31497.

Update hash of LICENCE file (update in year with
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2f28ac0386eebbd45ea605818d31d62d219f589)

https://lists.tartarus.org/pipermail/putty-announce/2024/000038.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bd6fa8d13b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-06-08 15:53:38 +02:00

8 lines
499 B
Plaintext

# Hashes from: http://the.earth.li/~sgtatham/putty/0.80/{sha1,sha256,sha512}sums
sha1 8c88d871855d3730a0473bb1cb1006654e73b680 putty-0.81.tar.gz
sha256 cb8b00a94f453494e345a3df281d7a3ed26bb0dd7e36264f145206f8857639fe putty-0.81.tar.gz
sha512 d86f2fd0e126b18275d58cf64334b3b27c450899a1c2be2502de9faa2ef58f7fc8efc5d45f25c8395623f1e21917aa02407343bb2fee44c4c00b9f81267d5ecd putty-0.81.tar.gz
# Locally calculated
sha256 e0410341c5e45f7479c28d79298edbf615589cdfc115b2d69683d4ccd0425ce0 LICENCE