Bug#400804: putty-tools: puttygen can create world-readable private keys

This has ended up in the CVE list (CVE-2006-7162) and as a Secunia advisory . Secunia had incorrectly listed both 0.58 and 0.59 as vulnerable (they've recently corrected this). I suspect that the advisory was derived from this Debian bug report, and I can see t

Bug#400804: putty-tools: puttygen can create world-readable private keys

Package: putty-tools Version: 0.58-5 Severity: normal When i run puttygen (either to create a new key, or to translate an openssh-style key), the emitted ppk file (the putty private key) is created with the standard umask, which by default in debian leaves things world-readable. this is in contr