<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d13e8c0fccbea4ca1baa31e553fe74f6041878ab">d13e8c0f</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-03-21T12:21:32Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add TODO item for putty and CVE-2019-989{4,5,7,8} issues

The issue might be fixed already with the targetted upload to unstable

as 0.70-6 with the following changelog entry:

         putty (0.70-6) unstable; urgency=high

         .

           * Apply security patch series from upstream:

             - New facility for removing pending toplevel callbacks.

             - Fix one-byte buffer overrun in random_add_noise().

             - uxnet: clean up callbacks when closing a NetSocket.

             - sk_tcp_close: fix memory leak of output bufchain.

             - Fix handling of bad RSA key with n=p=q=0.

             - Sanity-check the 'Public-Lines' field in ppk files.

             - Introduce an enum of the uxsel / select_result flags.

             - Switch to using poll(2) in place of select(2).

             - RSA kex: enforce the minimum key length.

             - Fix crash on ESC#6 + combining chars + GTK + odd-width terminal.

             - Limit the number of combining chars per terminal cell.

             - minibidi: fix read past end of line in rule W5.

but CVE commit association needs to be determined.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d13e8c0fccbea4ca1baa31e553fe74f6041878ab#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d13e8c0fccbea4ca1baa31e553fe74f6041878ab">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/d13e8c0fccbea4ca1baa31e553fe74f6041878ab"}}</script>

</p>

</div>

</body>

</html>