Debian Package Tracker

From: Colin Watson <cjwatson@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted putty 0.67-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Thu, 04 Apr 2019 21:47:08 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 02 Apr 2019 19:32:53 +0100
Source: putty
Architecture: source
Version: 0.67-3+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Changes:
 putty (0.67-3+deb9u1) stretch-security; urgency=high
 .
   * Backport security fixes from 0.71:
     - In random_add_noise, put the hashed noise into the pool, not the raw
       noise.
     - New facility for removing pending toplevel callbacks.
     - CVE-2019-9898: Fix one-byte buffer overrun in random_add_noise().
     - uxnet: clean up callbacks when closing a NetSocket.
     - sk_tcp_close: fix memory leak of output bufchain.
     - Fix handling of bad RSA key with n=p=q=0.
     - Sanity-check the 'Public-Lines' field in ppk files.
     - Introduce an enum of the uxsel / select_result flags.
     - CVE-2019-9895: Switch to using poll(2) in place of select(2).
     - CVE-2019-9894: RSA kex: enforce the minimum key length.
     - CVE-2019-9897: Fix crash on ESC#6 + combining chars + GTK + odd-width
       terminal.
     - CVE-2019-9897: Limit the number of combining chars per terminal cell.
     - minibidi: fix read past end of line in rule W5.
     - CVE-2019-9897: Fix crash printing a width-2 char in a width-1
       terminal.
Checksums-Sha1:
 66c3c4ccc300d8a6faa0134febf6a645b048d81f 2114 putty_0.67-3+deb9u1.dsc
 132ff74266e590a007f86cbb4bea5642db7bdd76 1955547 putty_0.67.orig.tar.gz
 87df006704ed1cdf71b746f90fa05d808e82bff3 35256 putty_0.67-3+deb9u1.debian.tar.xz
 df541c06b62de384e118b0d48b9a90ab1f112527 11766 putty_0.67-3+deb9u1_source.buildinfo
Checksums-Sha256:
 47fe476e7c5265d65cb6b5c523c05a53a97255271deb45a8bbc76b59e540fd78 2114 putty_0.67-3+deb9u1.dsc
 80192458e8a46229de512afeca5c757dd8fce09606b3c992fbaeeee29b994a47 1955547 putty_0.67.orig.tar.gz
 6d009bd50f35fbd3c3d153344e9f96f06510defed55328d1f981affbdf83acb6 35256 putty_0.67-3+deb9u1.debian.tar.xz
 561a3c6b09f9749a21bf978e88acf53d470b3579cedc70df4f88a5e69f75cb94 11766 putty_0.67-3+deb9u1_source.buildinfo
Files:
 b07c0c0e853fa792410afb6bdab3cddb 2114 net optional putty_0.67-3+deb9u1.dsc
 8d5d450e8f9a011e2e411e3f30827e9b 1955547 net optional putty_0.67.orig.tar.gz
 f62eb35a612838730c8e9835863710e0 35256 net optional putty_0.67-3+deb9u1.debian.tar.xz
 2e7b7f72a77dad872f0e495134d0bd7a 11766 net optional putty_0.67-3+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlyjv+AACgkQOTWH2X2G
UAv7CRAAtbwY3xp4VjzeYE4RkXOJWrr5MjoYBlVnxlIPSgSie0Lc8rYjxium7MA7
WXmQa9P0XzoIOXnEoSK/K6RF5y8/l+6U28amoSxW8jHcaCSYqDJCpivF9gyE8PIS
DXWhgK9CaY+h3LRHQYgcAoAmQgo3A8huDlIIAIcVzYpVWjSUAr6ABzQTuDAtjv/R
1QbTX+nA88PsIP/kYXoHnWbXaVlMF6iVB6WlnRDYj8KJKLCc92YL5K5ZOy+G2gMf
CFUAvowxE/9sBPvy4yL2wTNi2K+YHxLHkm+lRGNJS7lnKWHS8f1myCnPsFxXjqt3
fne+ITio7Al3W0dGrMuojmN7Ptigl+qFvu8APBWx35ExxcdlGJUkcIF+KcBZc+Vc
+6V7/FKnOCWWj81IB2F0JyrvsCnpTb3ofXM/ejtqiHpp47E5vlKf1mfICH69Rh4b
7J3mgsOwvCXNoYozTEjcvtbANujZ9u88TOMRwkJDYzYrlvIogl04g6mdYZiDfZe3
lx9QIDNR93fhtStGm3HgCflcYqUi8BBXXM3McOYk7kBlRNwngRqsYkNuCLJhWwC/
rikCnjTocGTVGgwR1DOescar4ZEhh7B11qraPmCwF9N9IObC2LSGldELhoxr08rT
iDdfEZEGLyxImKApivixqNgHlKYJAYssy2P2dvXL3alz7hwjjiY=
=ienY
-----END PGP SIGNATURE-----
News for package putty
