Accepted putty 0.60+2010-02-20-1+squeeze2 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 08 Aug 2013 23:37:19 +0100
Source: putty
Binary: pterm putty putty-tools putty-doc
Architecture: source i386 all
Version: 0.60+2010-02-20-1+squeeze2
Distribution: oldstable-security
Urgency: high
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
pterm - PuTTY terminal emulator
putty - Telnet/SSH client for X
putty-doc - PuTTY HTML documentation
putty-tools - command-line tools for SSH, SCP, and SFTP
Closes: 718779
Changes:
putty (0.60+2010-02-20-1+squeeze2) oldstable-security; urgency=high
.
* CVE-2011-4607: Passwords were left in memory using SSH
keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
from upstream.
Checksums-Sha1:
e2ea655cc9934b34cbba66292ab6d7e65b864712 1993 putty_0.60+2010-02-20-1+squeeze2.dsc
ba8e8fa8b6d100165dc63c1f0be366d923018fe5 21204 putty_0.60+2010-02-20-1+squeeze2.debian.tar.gz
9c7235fe8054ff27c7894101d72b55c73884edc5 183452 pterm_0.60+2010-02-20-1+squeeze2_i386.deb
e2cfe493f402822389d26fc24fe536b08ae067ff 307206 putty_0.60+2010-02-20-1+squeeze2_i386.deb
dfe6dd9b833799cc4e15a34c2a03f1f93f57e016 614074 putty-tools_0.60+2010-02-20-1+squeeze2_i386.deb
79e2771f7da1d9bbeb5bd0dbf3970f9b584c5b3b 171746 putty-doc_0.60+2010-02-20-1+squeeze2_all.deb
Checksums-Sha256:
56f40b3619f58b45647539b8a023f2d40eacd9e9ff80724af103567f7c6fb2ea 1993 putty_0.60+2010-02-20-1+squeeze2.dsc
4f3ec6d63c4c688609ab1579e9f203e020e536481c9dedfb713899462c480eda 21204 putty_0.60+2010-02-20-1+squeeze2.debian.tar.gz
1d2c3a05121ef0e14af44479afb3a172f7eff522317bf43088882e6a958e3983 183452 pterm_0.60+2010-02-20-1+squeeze2_i386.deb
f986d408742afd54a44b3a916912bc8b914215c1337cb40a3f3a15f65c406d08 307206 putty_0.60+2010-02-20-1+squeeze2_i386.deb
cbbf9cb4eefd3e83591ed2e726835320fe594f0761a1658526726244740604c9 614074 putty-tools_0.60+2010-02-20-1+squeeze2_i386.deb
736c96ae2e6acdc766e7b5caf8a9378e3bc10b2f5b4be1f21b79d38b27111c6e 171746 putty-doc_0.60+2010-02-20-1+squeeze2_all.deb
Files:
bc3182745c5954f9b1a0df1a2536c205 1993 net optional putty_0.60+2010-02-20-1+squeeze2.dsc
43f9d14342652622fd8e1f02a2e0b7f7 21204 net optional putty_0.60+2010-02-20-1+squeeze2.debian.tar.gz
2bf426cd1959c12b2ac26628fac7f038 183452 x11 optional pterm_0.60+2010-02-20-1+squeeze2_i386.deb
70035a635150046aa7bb48fd2c4c0aa2 307206 net optional putty_0.60+2010-02-20-1+squeeze2_i386.deb
d2eeb55640e3c26ad974eebedceb9c9f 614074 net optional putty-tools_0.60+2010-02-20-1+squeeze2_i386.deb
1718aaaad8f7b7b52d4db4552739fc77 171746 doc optional putty-doc_0.60+2010-02-20-1+squeeze2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBUgdCBDk1h9l9hlALAQjg1g//Q+SS/9sec1J0kHGbbdhg6NeHiVnj19Ki
9GvAIWYBlOZRsdXjUVp8FUHhdjKSvd1NJU7hJiofz4Etgdh0/dynQhetcbXAGSHS
4ifHCLjKBeeriFMVJwzOV68jdDMcPWIyopFOT+JXiN/kX7YlAfUOMPem1Bk0aCQj
j7CY1u5ombU+mQAZNFgovQGlrD32+3bqGnQYH56ybzRuGulaSqyyOIKJqr6g8IXQ
dl8TzXommIEcRwPV7htiplVUF6Tz1rLDjHFpbv//IuAnXweatzFPCJxyJKG762FK
GN2IMaQkLBhanFi5epzfUmoMTZ+TZ/NYT4x0xxmUQ5F5hpKnCCSDAyApQLsp8Qin
iP61tmI620EmnDObuGVlDq5mO3NA3Gi2ix48bVUcaEXQeoaPUbAezJw6xX8qorfe
VZnz4VyPs3K69E8UyrOa9SbZqWYlh8MNJXx8O/xAQuadXNB6fOM6zg2R8IuqDlat
WEtzMNT166vUyVXOSpZ1ItdYkl/f8H5C6zqxH8orSxdclLLYQUSPBnENVNJlEMrr
EA1fwFFbDJDsjI4uFMwW51xiugrTmIfYfBuarF5zadAjuebNuGmdAYlpeG7qBM8Q
eplsY3p6cBf9oMWZ5XLusRD4RhDcABf0cP+ZzeFxgteT/xxIupjQgQqgJd1f2M2i
oLqFbXDpmgY=
=2Z8F
-----END PGP SIGNATURE-----