Your message dated Wed, 07 Aug 2013 03:24:53 +0000 with message-id <e1v6umn-0000vw...@franck.debian.org> and subject line Bug#718779: fixed in putty 0.63-1 has caused the Debian Bug report #718779, regarding putty: CVE-2013-4852 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 718779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: putty Severity: grave Tags: security Justification: user security hole Hi, please see http://www.search-lab.hu/advisories/secadv-20130722 for details. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: putty Source-Version: 0.63-1 We believe that the bug you reported is fixed in the latest version of putty, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 718...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <cjwat...@debian.org> (supplier of updated putty package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Aug 2013 04:00:18 +0100 Source: putty Binary: pterm putty putty-tools putty-doc Architecture: source i386 all Version: 0.63-1 Distribution: unstable Urgency: low Maintainer: Colin Watson <cjwat...@debian.org> Changed-By: Colin Watson <cjwat...@debian.org> Description: pterm - PuTTY terminal emulator putty - Telnet/SSH client for X putty-doc - PuTTY HTML documentation putty-tools - command-line tools for SSH, SCP, and SFTP Closes: 193352 308552 718779 Changes: putty (0.63-1) unstable; urgency=low . * New upstream release. - CVE-2013-4206: Buffer underrun in modmul could corrupt the heap. - CVE-2013-4852: Negative string length in public-key signatures could cause integer overflow and overwrite all of memory (closes: #718779). - CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer overflow in modular inverse. - CVE-2013-4208: Private keys were left in memory after being used by PuTTY tools. - Allow using a bold colour and a bold font at the same time (closes: #193352). - Use a monotonic clock (closes: #308552). * Switch to the Autotools-based build system. * Upgrade to debhelper v9. Checksums-Sha1: 8e356b693f676d47c5f87e7f4d4ab45b9ec5163e 2036 putty_0.63-1.dsc 195c0603ef61082b91276faa8d4246ea472bba3b 1887913 putty_0.63.orig.tar.gz af0d43cceb0933b3a81fb5b96b74d563aa8e5b04 12670 putty_0.63-1.debian.tar.gz d4e9065542f26d83f53a9324a6c2a0880d00c9bf 167074 pterm_0.63-1_i386.deb e2f6fdcb223bc01773356927b9146de779b638aa 283756 putty_0.63-1_i386.deb f40de04d57ec59df5b44290fae3e8f718205dab7 298494 putty-tools_0.63-1_i386.deb 8b8108b16606ec6f2fffcb7468f8f0f424d7f458 135766 putty-doc_0.63-1_all.deb Checksums-Sha256: 1777c970f765dd78be5179ca6d6ad632d74a9a31d1c32164d3297232c2673a7a 2036 putty_0.63-1.dsc 81e8eaaf31be7d9a46b4f3fb80d1d9540776f142cd89d0a11f2f8082dc68f8b5 1887913 putty_0.63.orig.tar.gz fd586b413fb07f2cf929aa291937442d2938444cd51a5f6548407e51f6cb91b5 12670 putty_0.63-1.debian.tar.gz f8f114f26a1f5d6ffdac36a84afa89e80c4a81cafe2f1874c64e005b10809e00 167074 pterm_0.63-1_i386.deb 9e3d617411936d39fff56f53f310165109a899527f7b5a185e696e2c0bee6e72 283756 putty_0.63-1_i386.deb 26e66b91f06d9aca6ff323e4b0cbb84a69f6076d398aba0c7f4458e87f046df4 298494 putty-tools_0.63-1_i386.deb ce4cf38d088d32fc7fd23fae3bea305429b4df077ae5e2ea1039f9344d8e3717 135766 putty-doc_0.63-1_all.deb Files: 726acf86471c46da86b388c6a3aed5d7 2036 net optional putty_0.63-1.dsc 567207b590a149656454d6e6ea7af124 1887913 net optional putty_0.63.orig.tar.gz 3ce5597daa9dc957eef06f88ceffd7f0 12670 net optional putty_0.63-1.debian.tar.gz 9e56e6ceef7a8b09bb34d5cbf6efc80e 167074 x11 optional pterm_0.63-1_i386.deb 08d567ca3bd066d8750f1784a35514bc 283756 net optional putty_0.63-1_i386.deb 7454f5d85df1c4b2302d6cbbdbeac72c 298494 net optional putty-tools_0.63-1_i386.deb a460019b4b1b649aae5ce88fac8ef0c9 135766 doc optional putty-doc_0.63-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Colin Watson <cjwat...@debian.org> -- Debian developer iQIVAwUBUgG5Ujk1h9l9hlALAQgSbg//YW1TNDabvXFCEhtOZgHLZq/NRs0RT6tX 2XLhduxkqdDyEwTlMDWR9UhWaBA8srNJ6+TisYVA8gnAqjyGfA41vuGHwZMdVNj5 +xiragBm+s1fPk2g0IQFBjV3dVIKCCyvSMzOLxkkJOtoiRxNcMssWtZ9W6LGnYr1 FwIgEoSHj1i0dRRnYnmmiwF0ZIRingqlkBZJKWjhafYL3iqSTNKXB13VVYuQa1Yj yQQZ3LcGkS0gmH5P2xGyrtdBlxjIDjhkU1Oqx4T9+q6//6VWcirWAeYlx3NVmdc5 V5farBiYmsUS/BuqA4XKj+ZOmtSgZYKrgCWW7yVNi4+8UrSPIf+b9Da/YMA5qY0N mJffGJ0RaUsHqvAZ42n+1gr3XwrhO7tBYc9G9qhIaRpJ+c9MiqQKmtVUM0A0YYz4 TAJ9ivDaAvf7cbauAANuD00XnRXA9D2GhYPMOHBxShpKMsJPekoQn7AJ24iC/6wp 9Evx9M1JtEmEY0SckA2y3vHouL5X/VHa1SmlVSZG2mn2eEMLIARjhc3ItT7JU8+z eoESSOqqcjvfXCcwH060WEQ3+oY7XSL4/w/rn1WcB5Pox1sOMGQPDgviANbInCxn xzvUaCWrGsYkqPXv+Oj23fGG/4IjtQwrY/Q4cjRF7BfsBzQ1gB5LlcsnN/vzPHhL tDB+WuHuDHE= =HK28 -----END PGP SIGNATURE-----
--- End Message ---
