unix/gtkfont.c | 45 25 + 20 - 0 !
1 file changed, 25 insertions(+), 20 deletions(-)

 avoid deprecated glib functions

doc/pubkey.but | 12 0 + 12 - 0 !
ssh.h | 3 2 + 1 - 0 !
sshdssg.c | 6 4 + 2 - 0 !
sshprime.c | 51 47 + 4 - 0 !
sshrsag.c | 6 4 + 2 - 0 !
5 files changed, 57 insertions(+), 21 deletions(-)

 be more careful about key lengths
 Generate keys more carefully, so that when the user asks for an n-bit key
 they always get an n-bit number instead of n-1.  The latter was perfectly
 harmless but kept confusing users.

unix/gtkwin.c | 149 131 + 18 - 0 !
unix/uxucs.c | 6 0 + 6 - 0 !
2 files changed, 131 insertions(+), 24 deletions(-)

 support dead keys and compose sequences

sshbn.c | 45 45 + 0 - 0 !
testdata/bignum.py | 10 10 + 0 - 0 !
2 files changed, 55 insertions(+)

 cve-2013-4206
 Buffer underrun in modmul could corrupt the heap.

import.c | 2 1 + 1 - 0 !
sshdss.c | 7 6 + 1 - 0 !
sshrsa.c | 4 4 + 0 - 0 !
3 files changed, 11 insertions(+), 2 deletions(-)

 cve-2013-4852
 Negative string length in public-key signatures could cause integer
 overflow and overwrite all of memory.

sshbn.c | 72 64 + 8 - 0 !
sshdss.c | 44 35 + 9 - 0 !
sshrsa.c | 16 13 + 3 - 0 !
sshrsag.c | 4 4 + 0 - 0 !
4 files changed, 116 insertions(+), 20 deletions(-)

 cve-2013-4207
 Non-coprime values in DSA signatures can cause buffer overflow in modular
 inverse.

sshdss.c | 16 12 + 4 - 0 !
sshrsa.c | 2 2 + 0 - 0 !
2 files changed, 14 insertions(+), 4 deletions(-)

 cve-2013-4208
 Private keys were left in memory after being used by PuTTY tools.

import.c | 41 30 + 11 - 0 !
misc.c | 23 23 + 0 - 0 !
misc.h | 2 2 + 0 - 0 !
sftp.c | 2 1 + 1 - 0 !
ssh.c | 128 97 + 31 - 0 !
sshdss.c | 2 1 + 1 - 0 !
sshpubk.c | 2 1 + 1 - 0 !
sshrsa.c | 2 1 + 1 - 0 !
unix/uxagentc.c | 3 1 + 2 - 0 !
windows/winpgnt.c | 41 23 + 18 - 0 !
10 files changed, 180 insertions(+), 66 deletions(-)

 proactive potentially-security-relevant tightening
 Tighten up a lot of casts from unsigned to int which are read by one of the
 GET_32BIT macros and then used as length fields.  Missing bounds checks
 against zero have been added, and also I've introduced a helper function
 toint() which casts from unsigned to int in such a way as to avoid C
 undefined behaviour, since I'm not sure I trust compilers any more to do
 the obviously sensible thing.

ssh.c | 7 7 + 0 - 0 !
ssh.h | 1 1 + 0 - 0 !
sshdh.c | 23 23 + 0 - 0 !
3 files changed, 31 insertions(+)

 enforce acceptable range for diffie-hellman server value
 Florent Daigniere of Matta points out that RFC 4253 actually
 _requires_ us to refuse to accept out-of-range values, though it isn't
 completely clear to me why this should be a MUST on the receiving end.
 .
 Matta considers this to be a security vulnerability, on the grounds
 that if a server should accidentally send an obviously useless value
 such as 1 then we will fail to reject it and agree a key that an
 eavesdropper could also figure out. Their id for this vulnerability is
 MATTA-2015-002.

sshpubk.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix an erroneous length field in ssh-1 key load
 We incremented buf by a few bytes, so we must decrement the
 corresponding length by the same amount, or else makekey() could
 overrun.
 . 
 Thanks to Patrick Coleman for the patch.

sshpubk.c | 18 14 + 4 - 0 !
1 file changed, 14 insertions(+), 4 deletions(-)

 add some missing memsets and sfrees
 The absence of these could have prevented sensitive private key
 information from being properly cleared out of memory that PuTTY tools
 had finished with.
 . 
 Thanks to Patrick Coleman for spotting this and sending a patch.

terminal.c | 49 43 + 6 - 0 !
terminal.h | 2 1 + 1 - 0 !
2 files changed, 44 insertions(+), 7 deletions(-)

 more robust control sequence parameter handling.