This is a DebDiff for Ubuntu Precise. This contains the patch that was included in Debian (http://anonscm.debian.org/cgit/pkg- ssh/putty.git/tree/debian/patches/private-key-not- wiped-2.patch?id=5137922dc35f49f0b8573995420b24c1fe6ff826) which was included in Vivid.
***This needs additional review by the Security Team comparing the debdiff changes to the original Debian patch. This extra code review is necessary because to make the patch apply in Precise, the original patch needed to be re-engineered, applying the changes manually by hand, in order to provide for a patch import failure due to the code offsets not working for Precise. Before accepting this debdiff, please review it more thoroughly than the others.*** ** Patch added: "CVE-2015-2157 DebDiff for Precise - Needs Additional Review!" https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1467631/+attachment/4418946/+files/cve-2015-2157_precise.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1467631 Title: CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1467631/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
