Your message dated Thu, 15 Aug 2013 21:02:55 +0000
with message-id <e1va4h5-0004bx...@franck.debian.org>
and subject line Bug#718779: fixed in putty 0.60+2010-02-20-1+squeeze2
has caused the Debian Bug report #718779,
regarding putty: CVE-2013-4852
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
718779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: putty
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see http://www.search-lab.hu/advisories/secadv-20130722
for details.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: putty
Source-Version: 0.60+2010-02-20-1+squeeze2
We believe that the bug you reported is fixed in the latest version of
putty, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 718...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated putty package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 08 Aug 2013 23:37:19 +0100
Source: putty
Binary: pterm putty putty-tools putty-doc
Architecture: source i386 all
Version: 0.60+2010-02-20-1+squeeze2
Distribution: oldstable-security
Urgency: high
Maintainer: Colin Watson <cjwat...@debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
 pterm - PuTTY terminal emulator
 putty - Telnet/SSH client for X
 putty-doc - PuTTY HTML documentation
 putty-tools - command-line tools for SSH, SCP, and SFTP
Closes: 718779
Changes:
 putty (0.60+2010-02-20-1+squeeze2) oldstable-security; urgency=high
 .
   * CVE-2011-4607: Passwords were left in memory using SSH
     keyboard-interactive auth.
   * CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
   * CVE-2013-4852: Negative string length in public-key signatures could
     cause integer overflow and overwrite all of memory (closes: #718779).
   * CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
     overflow in modular inverse.
   * CVE-2013-4208: Private keys were left in memory after being used by
     PuTTY tools.
   * Backport some general proactive potentially-security-relevant tightening
     from upstream.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Colin Watson <cjwat...@debian.org> -- Debian developer
-----END PGP SIGNATURE-----
--- End Message ---