-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 23 Apr 2019 19:03:02 +0200 Source: putty Binary: pterm putty putty-tools putty-doc Architecture: source amd64 all Version: 0.63-10+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Colin Watson <cjwatson@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-doc - PuTTY HTML documentation putty-tools - command-line tools for SSH, SCP, and SFTP Changes: putty (0.63-10+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-9897 - Fix crash printing a width-2 char in a width-1 terminal. - Limit the number of combining chars per terminal cell. - Fix crash on ESC#6 + combining chars + GTK + odd-width terminal. * CVE-2019-9894 RSA kex: enforce the minimum key length. * CVE-2019-9898 Fix one-byte buffer overrun in random_add_noise(). * additional patches from upstream that are security related and as well present in the Stretch version of putty - In random_add_noise, put the hashed noise into the pool, not the raw noise. - sk_tcp_close: fix memory leak of output bufchain. - Fix handling of bad RSA key with n=p=q=0. - Sanity-check the 'Public-Lines' field in ppk files. - Introduce an enum of the uxsel / select_result flags. Checksums-Sha1: 66e595cf5e5a809fe1e149ea82a20f2c388942a8 2205 putty_0.63-10+deb8u2.dsc 195c0603ef61082b91276faa8d4246ea472bba3b 1887913 putty_0.63.orig.tar.gz 9449083c66119e2a44bd375447720a31bcdd1b49 72056 putty_0.63-10+deb8u2.debian.tar.xz 8030fb587aea20f2c686ca3acb577969cfb11454 182968 pterm_0.63-10+deb8u2_amd64.deb 38aad7ec482e653076abf310816d0e73f2e02fd4 310828 putty_0.63-10+deb8u2_amd64.deb ab3c21573956ea60e7e153ba7855cd4eb30a95c8 323664 putty-tools_0.63-10+deb8u2_amd64.deb 0259517b932d2c0b402b458045f952454d9fc0df 137176 putty-doc_0.63-10+deb8u2_all.deb Checksums-Sha256: 6b9078d46bccc1c7bea5bf5ad244735e752cbc9ac146301427a4bc555f49c50f 2205 putty_0.63-10+deb8u2.dsc 81e8eaaf31be7d9a46b4f3fb80d1d9540776f142cd89d0a11f2f8082dc68f8b5 1887913 putty_0.63.orig.tar.gz 4efc99ac9d084c98e019bc4c20fc4047ef2ad3255da0c8a95a2c2c7e3b4c6c84 72056 putty_0.63-10+deb8u2.debian.tar.xz f79dbf0be65b97c651b2ef9d39c9f32639486066020f7d7e31cfa3523b9edda2 182968 pterm_0.63-10+deb8u2_amd64.deb 771571d9e7cf3744738166e483fb074a6e87116b2bfa74e4e2c02592ed1f43cc 310828 putty_0.63-10+deb8u2_amd64.deb b2d836952f8cefea23609646d9abfc986d167affd5b851c20fe37ab2f3ef5c44 323664 putty-tools_0.63-10+deb8u2_amd64.deb 9fc057f9685fdf3d3680fec2f44a25a37103f40042fda813f0f1c819a38c2459 137176 putty-doc_0.63-10+deb8u2_all.deb Files: bd0bf84a9743fcb099d79fc66acb03cc 2205 net optional putty_0.63-10+deb8u2.dsc 567207b590a149656454d6e6ea7af124 1887913 net optional putty_0.63.orig.tar.gz 2e125b9b901f529f094cdc2a047eddee 72056 net optional putty_0.63-10+deb8u2.debian.tar.xz 4e79e5909555df94723bf74d8cf6b2a5 182968 x11 optional pterm_0.63-10+deb8u2_amd64.deb af841bd76be06133d237b854206b4f9c 310828 net optional putty_0.63-10+deb8u2_amd64.deb d4bd2941dcae24209bfb9a77ade17209 323664 net optional putty-tools_0.63-10+deb8u2_amd64.deb b04587d258f466b920ed9044ec9f7f32 137176 doc optional putty-doc_0.63-10+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlzApipfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR6N+D/90GiRnY++uZGD+lZjhYbq9iKiTiUSi 3YTpknwrYdU0k3C1lZIes+Xcc1x7Jwszjyh5ONzTR5VLa9b1prr4bEfK0WmxwQRw O5mpzvDhnpaSOj1Jh+NVdB8j2C4pbh9GDV1F+ZUagvTvJp9eQkIGqxl1dK4Lqo1B nwfx6K2YzqgBnsTBuW0M05rdWGKJgmYDnxGPtSr+pxfr1ym+HlIOy4sdWtu57wwa Kd3nVG5wDVQZNj8FAkzWN/kUGG/AwI1+bVqT/RVV34RQtiQQw3RY3ijbKG+RZZPu AjUaNYV+KDpKmgErwHt6cBLPqiPRY3fHNybGN2JQCglmjIqtNgSMCTmP87gfVz6a BtWwzEPCXYJKZPUA1XCngHWBdNaJZKvCUnhVG0a/yHcx+HTDQd7i0ytnFdiNHhS6 64/BI7A9XY+WWk1GGpakE/mBy2fNBppAzaCU2zfuaYzgxw/cai5sm6ev5KwDRtjm bvF8J2Ub4rh37xZDxnbwCcDu4GIY/mUgA2Ra/ytBXWMnSK0yFkvE82os2JYKneOX iVNU5kFJay3J8VCBK5dDewgbVjZGcjYZqFJBoRepn+sPf+azmgCunjeh2QXal8gJ s+vsQe8so1n9dyo0lvoTcHk2yUNwbpeUk+vFQKUYOLkhRVd0j1ukl5o0OGV/Z2fv rqAiYWPnccN5Xg== =XLcj -----END PGP SIGNATURE-----
