Viewing all changes in revision 13.
- Committer: Package Import Robot
- Date: 2013-08-08 23:37:19 UTC
- Revision ID: package-import@ubuntu.com-20130808233719-4kvi47bowdakujbz
* CVE-2011-4607: Passwords were left in memory using SSH
keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
from upstream.
keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
from upstream.
- files added:
- .pc
- .pc/password-not-wiped.patch
- .pc/private-key-not-wiped.patch
- .pc/proactive-tightening.patch
- .pc/proactive-tightening.patch/unix
- .pc/proactive-tightening.patch/windows
- .pc/vuln-bignum-division-by-zero.patch
- .pc/vuln-modmul.patch
- .pc/vuln-signature-stringlen.patch
- debian/patches
- files modified:
- debian/changelog
expand all
collapse all
added
removed
