Back to putty PTS page

Accepted putty 0.63-10+deb8u2 (source amd64 all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted putty 0.63-10+deb8u2 (source amd64 all) into oldstable
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 24 Apr 2019 18:30:15 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1hJMet-00034a-EX@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Apr 2019 19:03:02 +0200
Source: putty
Binary: pterm putty putty-tools putty-doc
Architecture: source amd64 all
Version: 0.63-10+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 pterm      - PuTTY terminal emulator
 putty      - Telnet/SSH client for X
 putty-doc  - PuTTY HTML documentation
 putty-tools - command-line tools for SSH, SCP, and SFTP
Changes:
 putty (0.63-10+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-9897
     - Fix crash printing a width-2 char in a width-1 terminal.
     - Limit the number of combining chars per terminal cell.
     - Fix crash on ESC#6 + combining chars + GTK + odd-width
       terminal.
   * CVE-2019-9894
     RSA kex: enforce the minimum key length.
   * CVE-2019-9898
     Fix one-byte buffer overrun in random_add_noise().
   * additional patches from upstream that are security related and
     as well present in the Stretch version of putty
     - In random_add_noise, put the hashed noise into the pool, not the raw
       noise.
     - sk_tcp_close: fix memory leak of output bufchain.
     - Fix handling of bad RSA key with n=p=q=0.
     - Sanity-check the 'Public-Lines' field in ppk files.
     - Introduce an enum of the uxsel / select_result flags.
Checksums-Sha1:
 66e595cf5e5a809fe1e149ea82a20f2c388942a8 2205 putty_0.63-10+deb8u2.dsc
 195c0603ef61082b91276faa8d4246ea472bba3b 1887913 putty_0.63.orig.tar.gz
 9449083c66119e2a44bd375447720a31bcdd1b49 72056 putty_0.63-10+deb8u2.debian.tar.xz
 8030fb587aea20f2c686ca3acb577969cfb11454 182968 pterm_0.63-10+deb8u2_amd64.deb
 38aad7ec482e653076abf310816d0e73f2e02fd4 310828 putty_0.63-10+deb8u2_amd64.deb
 ab3c21573956ea60e7e153ba7855cd4eb30a95c8 323664 putty-tools_0.63-10+deb8u2_amd64.deb
 0259517b932d2c0b402b458045f952454d9fc0df 137176 putty-doc_0.63-10+deb8u2_all.deb
Checksums-Sha256:
 6b9078d46bccc1c7bea5bf5ad244735e752cbc9ac146301427a4bc555f49c50f 2205 putty_0.63-10+deb8u2.dsc
 81e8eaaf31be7d9a46b4f3fb80d1d9540776f142cd89d0a11f2f8082dc68f8b5 1887913 putty_0.63.orig.tar.gz
 4efc99ac9d084c98e019bc4c20fc4047ef2ad3255da0c8a95a2c2c7e3b4c6c84 72056 putty_0.63-10+deb8u2.debian.tar.xz
 f79dbf0be65b97c651b2ef9d39c9f32639486066020f7d7e31cfa3523b9edda2 182968 pterm_0.63-10+deb8u2_amd64.deb
 771571d9e7cf3744738166e483fb074a6e87116b2bfa74e4e2c02592ed1f43cc 310828 putty_0.63-10+deb8u2_amd64.deb
 b2d836952f8cefea23609646d9abfc986d167affd5b851c20fe37ab2f3ef5c44 323664 putty-tools_0.63-10+deb8u2_amd64.deb
 9fc057f9685fdf3d3680fec2f44a25a37103f40042fda813f0f1c819a38c2459 137176 putty-doc_0.63-10+deb8u2_all.deb
Files:
 bd0bf84a9743fcb099d79fc66acb03cc 2205 net optional putty_0.63-10+deb8u2.dsc
 567207b590a149656454d6e6ea7af124 1887913 net optional putty_0.63.orig.tar.gz
 2e125b9b901f529f094cdc2a047eddee 72056 net optional putty_0.63-10+deb8u2.debian.tar.xz
 4e79e5909555df94723bf74d8cf6b2a5 182968 x11 optional pterm_0.63-10+deb8u2_amd64.deb
 af841bd76be06133d237b854206b4f9c 310828 net optional putty_0.63-10+deb8u2_amd64.deb
 d4bd2941dcae24209bfb9a77ade17209 323664 net optional putty-tools_0.63-10+deb8u2_amd64.deb
 b04587d258f466b920ed9044ec9f7f32 137176 doc optional putty-doc_0.63-10+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlzApipfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR6N+D/90GiRnY++uZGD+lZjhYbq9iKiTiUSi
3YTpknwrYdU0k3C1lZIes+Xcc1x7Jwszjyh5ONzTR5VLa9b1prr4bEfK0WmxwQRw
O5mpzvDhnpaSOj1Jh+NVdB8j2C4pbh9GDV1F+ZUagvTvJp9eQkIGqxl1dK4Lqo1B
nwfx6K2YzqgBnsTBuW0M05rdWGKJgmYDnxGPtSr+pxfr1ym+HlIOy4sdWtu57wwa
Kd3nVG5wDVQZNj8FAkzWN/kUGG/AwI1+bVqT/RVV34RQtiQQw3RY3ijbKG+RZZPu
AjUaNYV+KDpKmgErwHt6cBLPqiPRY3fHNybGN2JQCglmjIqtNgSMCTmP87gfVz6a
BtWwzEPCXYJKZPUA1XCngHWBdNaJZKvCUnhVG0a/yHcx+HTDQd7i0ytnFdiNHhS6
64/BI7A9XY+WWk1GGpakE/mBy2fNBppAzaCU2zfuaYzgxw/cai5sm6ev5KwDRtjm
bvF8J2Ub4rh37xZDxnbwCcDu4GIY/mUgA2Ra/ytBXWMnSK0yFkvE82os2JYKneOX
iVNU5kFJay3J8VCBK5dDewgbVjZGcjYZqFJBoRepn+sPf+azmgCunjeh2QXal8gJ
s+vsQe8so1n9dyo0lvoTcHk2yUNwbpeUk+vFQKUYOLkhRVd0j1ukl5o0OGV/Z2fv
rqAiYWPnccN5Xg==
=XLcj
-----END PGP SIGNATURE-----