Package: putty / 0.62-9+deb7u3
Metadata
Package | Version | Patches format |
---|---|---|
putty | 0.62-9+deb7u3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
glib deprecated functions.patch | unix/gtkfont.c: 45 25 + 20 - 0 ! | avoid deprecated glib functions |
careful key length.patch | doc/pubkey.but: 12 0 + 12 - 0 ! | be more careful about key lengths. Generate keys more carefully, so that when the user asks for an n-bit key they always get an n-bit number instead of n-1. The latter was perfectly harmless but kept confusing users. |
compose.patch | unix/gtkwin.c: 149 131 + 18 - 0 ! | support dead keys and compose sequences |
vuln modmul.patch | sshbn.c: 45 45 + 0 - 0 ! | CVE-2013-4206: Buffer underrun in modmul could corrupt the heap. |
vuln signature stringlen.patch | import.c: 2 1 + 1 - 0 ! | CVE-2013-4852: Negative string length in public-key signatures could cause integer overflow and overwrite all of memory. |
vuln bignum division by zero.patch | sshbn.c: 72 64 + 8 - 0 ! | CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer overflow in modular inverse. |
private key not wiped.patch | sshdss.c: 16 12 + 4 - 0 ! | CVE-2013-4208: Private keys were left in memory after being used by PuTTY tools. |
proactive tightening.patch | import.c: 41 30 + 11 - 0 ! | proactive potentially-security-relevant tightening. Tighten up a lot of casts from unsigned to int which are read by one of the GET_32BIT macros and then used as length fields. Missing bounds checks against zero have been added, and also I've introduced a helper function toint() which casts from unsigned to int in such a way as to avoid C undefined behaviour, since I'm not sure I trust compilers any more to do the obviously sensible thing. |
enforce dh range.patch | ssh.c: 7 7 + 0 - 0 ! | enforce acceptable range for diffie-hellman server value. Florent Daigniere of Matta points out that RFC 4253 actually _requires_ us to refuse to accept out-of-range values, though it isn't completely clear to me why this should be a MUST on the receiving end. Matta considers this to be a security vulnerability, on the grounds that if a server should accidentally send an obviously useless value such as 1 then we will fail to reject it and agree a key that an eavesdropper could also figure out. Their id for this vulnerability is MATTA-2015-002. |
ssh 1 key load length.patch | sshpubk.c: 2 1 + 1 - 0 ! | fix an erroneous length field in ssh-1 key load. We incremented buf by a few bytes, so we must decrement the corresponding length by the same amount, or else makekey() could overrun. Thanks to Patrick Coleman for the patch. |
private key not wiped 2.patch | sshpubk.c: 18 14 + 4 - 0 ! | add some missing memsets and sfrees. The absence of these could have prevented sensitive private key information from being properly cleared out of memory that PuTTY tools had finished with. Thanks to Patrick Coleman for spotting this and sending a patch. |
more robust control sequence parameter handling.patch | terminal.c: 49 43 + 6 - 0 ! | more robust control sequence parameter handling. |