-
putty (0.67-3+deb9u1build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian (LP: #1821407)
putty (0.67-3+deb9u1) stretch-security; urgency=high
* Backport security fixes from 0.71:
- In random_add_noise, put the hashed noise into the pool, not the raw
noise.
- New facility for removing pending toplevel callbacks.
- CVE-2019-9898: Fix one-byte buffer overrun in random_add_noise().
- uxnet: clean up callbacks when closing a NetSocket.
- sk_tcp_close: fix memory leak of output bufchain.
- Fix handling of bad RSA key with n=p=q=0.
- Sanity-check the 'Public-Lines' field in ppk files.
- Introduce an enum of the uxsel / select_result flags.
- CVE-2019-9895: Switch to using poll(2) in place of select(2).
- CVE-2019-9894: RSA kex: enforce the minimum key length.
- CVE-2019-9897: Fix crash on ESC#6 + combining chars + GTK + odd-width
terminal.
- CVE-2019-9897: Limit the number of combining chars per terminal cell.
- minibidi: fix read past end of line in rule W5.
- CVE-2019-9897: Fix crash printing a width-2 char in a width-1
terminal.
-- Steve Beattie <email address hidden> Tue, 21 May 2019 10:43:51 -0700
-
putty (0.67-3build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
putty (0.67-3) unstable; urgency=high
* CVE-2017-6542: Sanity-check message length fields in CHAN_AGENT input
(thanks, Simon Tatham; closes: #857642).
-- Mike Salvatore <email address hidden> Tue, 29 Jan 2019 10:26:27 -0500
-
putty (0.67-2) unstable; urgency=medium
* Backport from upstream:
- Add command-line passphrase-file options to command-line PuTTYgen.
-- Colin Watson <email address hidden> Fri, 18 Mar 2016 22:32:33 +0000
-
putty (0.67-1) unstable; urgency=high
* New upstream release.
- CVE-2016-2563: Fix buffer overrun in the old-style SCP protocol
(closes: #816921).
-- Colin Watson <email address hidden> Sun, 06 Mar 2016 18:41:16 +0000
-
putty (0.66-4) unstable; urgency=medium
* Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
* Fix misleading-indentation and strict-aliasing warnings from GCC 6
(closes: #811581).
-- Colin Watson <email address hidden> Fri, 05 Feb 2016 13:47:21 +0000
-
putty (0.66-3) unstable; urgency=medium
* Add a Homepage field.
* Add Keywords fields to pterm.desktop and putty.desktop.
* Build with large file support.
-- Colin Watson <email address hidden> Mon, 04 Jan 2016 15:18:57 +0000
-
putty (0.66-2) unstable; urgency=medium
* Fix dh_fixperms override to work properly with an
architecture-independent-only build (closes: #806098).
* Do much less work in architecture-independent-only builds.
* Fix build failure on GNU/Hurd (closes: #805505).
-- Colin Watson <email address hidden> Tue, 24 Nov 2015 17:10:21 +0000
-
putty (0.66-1) unstable; urgency=high
* New upstream release.
- CVE-2015-5309: Fix a potentially memory-corrupting integer overflow in
the handling of the ECH (erase characters) control sequence in the
terminal emulator.
* Use dh-exec to remove the need to override dh_install.
* Add OpenPGP signature checking configuration to watch file.
-- Colin Watson <email address hidden> Sat, 07 Nov 2015 16:10:41 +0000
-
putty (0.65-2) unstable; urgency=medium
* Backport from upstream:
- Performance: cache character widths returned from Pango (closes:
#792258).
-- Colin Watson <email address hidden> Sun, 23 Aug 2015 18:47:52 +0100
