-
Committer:
Package Import Robot
-
Author(s):
Colin Watson
-
Date:
2013-08-08 23:37:19 UTC
-
Revision ID:
package-import@ubuntu.com-20130808233719-4kvi47bowdakujbz
Tags: 0.60+2010-02-20-1+squeeze2
* CVE-2011-4607: Passwords were left in memory using SSH
keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
from upstream.