-
putty (0.63-4ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from
    system memory, which can allow local users to obtain sensitive information
    by reading the memory. (LP: #1467631)
    - debian/patches/private-key-not-wiped-2.patch: Add in fix patch from
      Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original
      patch.
    - CVE-2015-2157

 -- Thomas Ward <email address hidden> Mon, 22 Jun 2015 14:07:28 -0400
-
putty (0.63-4) unstable; urgency=medium

  * Backport from upstream (Simon Tatham):
    - Fix assertion failure in Unix PuTTYgen exports (LP: #1289176).

 -- Colin Watson <email address hidden> Tue, 08 Apr 2014 12:19:08 +0100
-
putty (0.63-3) unstable; urgency=medium

  * Use dh-autoreconf, with the aid of a few upstream patches to make things
    work with current autotools.
  * Backport upstream patch to add some assertions in sshzlib.c, fixing
    build with -O3.

 -- Colin Watson <email address hidden> Wed, 12 Mar 2014 12:07:04 +0000
-
putty (0.63-2) unstable; urgency=low

  * Support parallel builds.
  * Switch to git; adjust Vcs-* fields.

 -- Colin Watson <email address hidden> Wed, 08 Jan 2014 13:01:57 +0000
-
putty (0.63-1) unstable; urgency=low

  * New upstream release.
    - CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
    - CVE-2013-4852: Negative string length in public-key signatures could
      cause integer overflow and overwrite all of memory (closes: #718779).
    - CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
      overflow in modular inverse.
    - CVE-2013-4208: Private keys were left in memory after being used by
      PuTTY tools.
    - Allow using a bold colour and a bold font at the same time (closes:
      #193352).
    - Use a monotonic clock (closes: #308552).
  * Switch to the Autotools-based build system.
  * Upgrade to debhelper v9.

 -- Colin Watson <email address hidden> Wed, 07 Aug 2013 04:00:18 +0100