-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 08 Aug 2013 23:37:19 +0100
Source: putty
Binary: pterm putty putty-tools putty-doc
Architecture: source i386 all
Version: 0.60+2010-02-20-1+squeeze2
Distribution: oldstable-security
Urgency: high
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 pterm - PuTTY terminal emulator
 putty - Telnet/SSH client for X
 putty-doc - PuTTY HTML documentation
 putty-tools - command-line tools for SSH, SCP, and SFTP
Closes: 718779
Changes:
 putty (0.60+2010-02-20-1+squeeze2) oldstable-security; urgency=high
 .
   * CVE-2011-4607: Passwords were left in memory using SSH
     keyboard-interactive auth.
   * CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
   * CVE-2013-4852: Negative string length in public-key signatures could
     cause integer overflow and overwrite all of memory (closes: #718779).
   * CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
     overflow in modular inverse.
   * CVE-2013-4208: Private keys were left in memory after being used by
     PuTTY tools.
   * Backport some general proactive potentially-security-relevant
     tightening from upstream.