Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130806195610.GQ19155@redhat.com>
Date: Tue, 6 Aug 2013 13:56:10 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: three additional flaws fixed in putty 0.63

There seem to be some CVEs needed for putty 0.63 due to some other fixes
that were fixed alongside CVE-2013-4852:


* a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977

* A buffer overflow vulnerability in the calculation of modular inverses when verifying a DSA signature:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996

* Private keys left in memory after being used by PuTTY tools:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988


I can't see any CVE references so I suspect there are none.

-- 
Vincent Danen / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.