openbsd-ports/net/putty
sthen 10a472aa72 SECURITY update to PuTTY 0.63 - ok brad@
- Vulnerability: non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse
- Vulnerability: buffer underrun in modmul can corrupt the heap
- Vulnerability: negative string length in public-key signatures can
  cause integer overflow and overwrite all of memory
- Private keys left in memory after being used by PuTTY tools

N.B. some of these vulnerabilities where an SSH-2 server can make PuTTY
overrun or underrun buffers can be triggered *before* host key verification
so there is a risk from a spoofed server. For more info see the 0.63
section of http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
2013-08-07 11:47:51 +00:00
..
patches SECURITY update to PuTTY 0.63 - ok brad@ 2013-08-07 11:47:51 +00:00
pkg Update to PuTTY 0.62. 2013-01-13 10:12:52 +00:00
distinfo SECURITY update to PuTTY 0.63 - ok brad@ 2013-08-07 11:47:51 +00:00
Makefile SECURITY update to PuTTY 0.63 - ok brad@ 2013-08-07 11:47:51 +00:00