Your message dated Wed, 14 Aug 2013 21:17:05 +0000
with message-id <e1v9irf-0002uk...@franck.debian.org>
and subject line Bug#718779: fixed in putty 0.62-9+deb7u1
has caused the Debian Bug report #718779,
regarding putty: CVE-2013-4852
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
718779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: putty
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see http://www.search-lab.hu/advisories/secadv-20130722
for details.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: putty
Source-Version: 0.62-9+deb7u1
We believe that the bug you reported is fixed in the latest version of
putty, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 718...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated putty package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 07 Aug 2013 10:11:18 +0100
Source: putty
Binary: pterm putty putty-tools putty-doc
Architecture: source i386 all
Version: 0.62-9+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Colin Watson <cjwat...@debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
pterm - PuTTY terminal emulator
putty - Telnet/SSH client for X
putty-doc - PuTTY HTML documentation
putty-tools - command-line tools for SSH, SCP, and SFTP
Closes: 718779
Changes:
putty (0.62-9+deb7u1) stable-security; urgency=high
.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.
--- End Message ---