-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Aug 2013 10:11:18 +0100 Source: putty Binary: pterm putty putty-tools putty-doc Architecture: source i386 all Version: 0.62-9+deb7u1 Distribution: stable-security Urgency: high Maintainer: Colin Watson <cjwatson@debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-doc - PuTTY HTML documentation putty-tools - command-line tools for SSH, SCP, and SFTP Closes: 718779 Changes: putty (0.62-9+deb7u1) stable-security; urgency=high . * CVE-2013-4206: Buffer underrun in modmul could corrupt the heap. * CVE-2013-4852: Negative string length in public-key signatures could cause integer overflow and overwrite all of memory (closes: #718779). * CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer overflow in modular inverse. * CVE-2013-4208: Private keys were left in memory after being used by PuTTY tools. * Backport some general proactive potentially-security-relevant tightening from upstream. Checksums-Sha1: f27c50df1b835e13ccedca78b1162d4c283659aa 2068 putty_0.62-9+deb7u1.dsc 5898438614117ee7e3704fc3f30a3c4bf2041380 1783106 putty_0.62.orig.tar.gz 0f97ae11e0e1c7688fe1be73856b02d56cf75b27 28337 putty_0.62-9+deb7u1.debian.tar.gz ef71f8ba97fd9c0a41bfcac876b7755a6e81cf66 201010 pterm_0.62-9+deb7u1_i386.deb e05f9707d1f9cf600171d4f3a955bfebd03b3363 343612 putty_0.62-9+deb7u1_i386.deb 9559f7e964c00407af2aab99ca9664e95759034e 704140 putty-tools_0.62-9+deb7u1_i386.deb 0d2a709c16b35afee0057aaf48890db3fb0015ab 174634 putty-doc_0.62-9+deb7u1_all.deb Checksums-Sha256: 9762b5a2ff1c734b9aa10132b2acf7f52540a25de7bf1d4d1647e217b6a3ce62 2068 putty_0.62-9+deb7u1.dsc 8d187e86ee18c839895d263607b61788778564e3720e8d85c5305a04f9da0573 1783106 putty_0.62.orig.tar.gz a83dede5d2c02b6e026b6ac264b10ffe4bdbdcd1ca9848918fe503bfdb8e0f42 28337 putty_0.62-9+deb7u1.debian.tar.gz 84468cc30f4d69603ab8035d1c701af9e55756e88ad2d146017e60be1610509e 201010 pterm_0.62-9+deb7u1_i386.deb dd5da5551aaecb8c82b6e42632c362fba4cbe31db01bea45a363919d759def9c 343612 putty_0.62-9+deb7u1_i386.deb 74ac6037a1b29798831897aa326d3bb1f2042f02207797f5ccfb19996f8aeb82 704140 putty-tools_0.62-9+deb7u1_i386.deb a1fb4e0c559e0c2273f291143fea54d3b960a19ac4d4545c5a1536b80c9a9539 174634 putty-doc_0.62-9+deb7u1_all.deb Files: c6828c5cca977f2c309a32313a5e58b2 2068 net optional putty_0.62-9+deb7u1.dsc 1344b606a680a9036df0fc3a05e62e71 1783106 net optional putty_0.62.orig.tar.gz c46fe76f5116faefb5173398f411ddd2 28337 net optional putty_0.62-9+deb7u1.debian.tar.gz 2bb36a90bbed7083a8ba39e855a3f633 201010 x11 optional pterm_0.62-9+deb7u1_i386.deb 50e1a51a16eb3e9b8d6d98c2e6c8ecb2 343612 net optional putty_0.62-9+deb7u1_i386.deb 556656e5bb0ac3dc2fe3ee6dffe1c286 704140 net optional putty-tools_0.62-9+deb7u1_i386.deb 25906b907f36d06503eff1723cbb61ee 174634 doc optional putty-doc_0.62-9+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iQIVAwUBUgInTDk1h9l9hlALAQgv7Q/+LGVxPXG9KK9th+Q82+ArQu/NoA7VqPL8 ugZ2VlqNtoKxekyV/iO+gqg7rmYiRY3gljpBPs8x8sDUvkw0YxjRcwU0Y4l2l61J E3b1Y0VAm4sMaDK7Wa3rRMuzQtrIaKbCVkz9UOxNi3OAzaRlM+V5yP0vo0mlPdp1 7BdqMWEPolXinZmA3jgQ8+jvf0cLUt0bScq0IevgT7jmQ1bf/BPqHck5IDGcCRzt Glx4Sw/UEgeTxUwZCuVcHVmGIVLpI9gazdqXOYOCeGX2MnjqroBY4DYUV459DNhf yF4tITdYnbUFBviQZKf9T31/EDEzwyNX90VFi6dfof24TDqBooF+vUjS3CzAs+1N 7U9AUVmoPsinqg3DK/D2k1KiWQBbGpSsuKFqvVMfvR9hygmN7pjrtN0PihSUOarL 7Gsi/OvM+kX4g2ZXOUgR00Fw2RPEe4hDZ5Kt2hACj87quk8tS2sG1+0lvTI9S3jO A97tSbS058cVyMBFL3OdSflNFjwHkSrd0eG5NOYOt8wpSxiZXA3KhZtyvfi7DYy9 wsPElUH86s1YsbNYtslJBGb9LPiYCDNcxvHRtrb1fSY3HnNcRIVrM2nro9JwoCBK UVgZfPQDtaWFSOJetF9vJdMMT4ukvzgjsr9ovuEwn3zdy1WcAtswpVWEKLPNWqsv msfY8KnLAuE= =wTTO -----END PGP SIGNATURE-----