Bug#779488: marked as done (putty: CVE-2015-2157)

Debian Bug Tracking System Sun, 01 Mar 2015 11:55:03 -0800

Your message dated Sun, 01 Mar 2015 19:50:01 +0000
with message-id <[email protected]>
and subject line Bug#779488: fixed in putty 0.63-10
has caused the Debian Bug report #779488,
regarding putty: CVE-2015-2157
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
779488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779488
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: putty
Severity: important
Tags: security

This has been assigned CVE-2015-2157:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: putty
Source-Version: 0.63-10

We believe that the bug you reported is fixed in the latest version of
putty, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated putty package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 01 Mar 2015 12:59:15 +0000
Source: putty
Binary: pterm putty putty-tools putty-doc
Architecture: source amd64 all
Version: 0.63-10
Distribution: unstable
Urgency: medium
Maintainer: Colin Watson <[email protected]>
Changed-By: Colin Watson <[email protected]>
Description:
 pterm      - PuTTY terminal emulator
 putty      - Telnet/SSH client for X
 putty-doc  - PuTTY HTML documentation
 putty-tools - command-line tools for SSH, SCP, and SFTP
Closes: 779488
Changes:
 putty (0.63-10) unstable; urgency=medium
 .
   * Backport from upstream:
     - Make kh2reg.py compatible with modern Python.
     - MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server
       value.
     - Fix an erroneous length field in SSH-1 key load.
     - CVE-2015-2157: Fix failure to clear sensitive private key information
       from memory (closes: #779488).
Checksums-Sha1:
 ce15a429e5a9651c71b1eb88ed5656a62661dfb2 2060 putty_0.63-10.dsc
 2aa78fae6bac5008086b7c5f84c3928242426de7 61800 putty_0.63-10.debian.tar.xz
 cc51c452cec5a7933cbf55d64a9ac51358ba3546 182346 pterm_0.63-10_amd64.deb
 132ae2a0efd02b44e81406279d2992a8d01daa48 309632 putty_0.63-10_amd64.deb
 2a28d7b06ae000de74b69fb6ae22d2b65974443b 322506 putty-tools_0.63-10_amd64.deb
 2394f56634cc2bf4a89d03f8788ddb179bb0560a 136386 putty-doc_0.63-10_all.deb
Checksums-Sha256:
 3a464b0525b3daf717af56b89398ee4282cefa3d130b5de88029b74d5149e5ad 2060 
putty_0.63-10.dsc
 cb09afa6bfe72460e4c4f43f328f3baef52f93f299dac3e92f5c045ffd499d95 61800 
putty_0.63-10.debian.tar.xz
 7e64961f117b0eb8e590f21312119efad4740feafc45c36fa9689e52ea0d331f 182346 
pterm_0.63-10_amd64.deb
 a6ea3d1b6c3a19f5097cbd96af61dcae0d2d4c139c6c76acac3955ae350a7adb 309632 
putty_0.63-10_amd64.deb
 3df90f6cc0f0dc956a95bdf6402f016a525e557a408d1bea753652814187e90d 322506 
putty-tools_0.63-10_amd64.deb
 0b0e7929fcc04a29a2d595ce2d06257d1842fb3d27f23ced4d38bd98c3a592bb 136386 
putty-doc_0.63-10_all.deb
Files:
 3e16d1383744af7dcc3eee7a3c4f38c1 2060 net optional putty_0.63-10.dsc
 189001650a7012c7658a289ed9f70a74 61800 net optional putty_0.63-10.debian.tar.xz
 c4e70211bba534ab1790aa7251c236f9 182346 x11 optional pterm_0.63-10_amd64.deb
 8af2faf29bcc5ca81c411ec3826b6644 309632 net optional putty_0.63-10_amd64.deb
 035ee192ef71cd5384264062aaf884cc 322506 net optional 
putty-tools_0.63-10_amd64.deb
 1c01b8361e4e45d425238cc80130bb64 136386 doc optional putty-doc_0.63-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <[email protected]> -- Debian developer

iQIVAwUBVPNpIzk1h9l9hlALAQi8PQ/9FX4iCT8KJnWnt70NJxbbcsKQYiALzyx8
DmWF2vL5eUr7eGihz5w7BnIIsQjK2G11nCy9+XFD/UzHtucZP4DqC/0cwLQ8FlfW
rXIWI/wWdFSFD9waYGPLGtbK/iComhQCYuSiqGOdacOv51mgvxiiTSEM4tzOK/yA
m0oj2LlXHPWdLb3/kDZHZzYnzaT/1gW9gGNgd86HdNV6HO1BGVaovDctZ1dhzj2X
oam5asP1VzCmOAhWQjo9hTfuLO57KELeV5gzH07bmaSBa3wTOpdhik3msW4v96/r
OoywTDiEy5wBzGj3Rlg8QKVPXM8m/Lz+2ndeUgHcsXHyyQtDWKFwHctS65MBCbyz
jxioFJzwq+iXZYDDAmnFHxIfBzkfTaDjmaTvyhWPP1orutsQp0MlZYr5xeIdtwYk
5OrGUudESIh+jCNgPWEg+wwGfDtt/H4l8lLMPr/JZaK0WpRzeYWi2Rz142fG/xms
Z+bLN8JJhju383oH761WvTeOnusatL2KanVEXfXmdow/LqlCHenzxu5gzndKHF6l
k9w5a/lcu5Y6uV6XCl0X4akeeIi/9H/LeR6N7V110CGM8DpnLBUscDQ/G98QvUOR
lDXrm1F+mp4bzGXbtCTIOBkJH1BWg5Wgl6x0JDohsEtshU+fNDcdCsONj6EQ05Aa
u9RZnHUNnTw=
=BIS3
-----END PGP SIGNATURE-----

--- End Message ---

Bug#779488: marked as done (putty: CVE-2015-2157)

Reply via email to