922132c39e
As described in the announcement, this fixes a security issue: There is one security fix in this release: - Fix for a newly discovered security issue known as the 'Terrapin' attack, also numbered CVE-2023-48795. The issue affects widely-used OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305 cipher system, and 'encrypt-then-MAC' mode. In order to benefit from the fix, you must be using a fixed version of PuTTY _and_ a server with the fix, so that they can agree to adopt a modified version of the protocol. Alternatively, you may be able to reconfigure PuTTY to avoid selecting any of the affected modes. If PuTTY 0.80 connects to an SSH server without the fix, it will warn you if the initial protocol negotiation chooses an insecure mode to run the connection in, so that you can abandon the connection. If it's possible to alter PuTTY's configuration to avoid the problem, then the warning message will tell you how to do it. https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
||
---|---|---|
.. | ||
Config.in | ||
putty.hash | ||
putty.mk |