[Git][security-tracker-team/security-tracker][master] Add three new putty issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 26 08:24:00 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c36be175 by Salvatore Bonaccorso at 2026-05-26T09:23:11+02:00
Add three new putty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,11 +69,20 @@ CVE-2026-9484 (A vulnerability was determined in SourceCodester Student Grades M
 CVE-2026-4795 (A missing authorization vulnerability in Zyxel GS1200-5v3 firmware ver ...)
 	NOT-FOR-US: Zyxel
 CVE-2026-48852 (PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature ver ...)
-	TODO: check
+	- putty 0.84-1
+	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
+	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ecdsa-remotely-triggerable-assertion.html
+	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=65b8f37c34cd80680693e813e0081cdafaf58324 (0.84)
 CVE-2026-48851 (PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indica ...)
-	TODO: check
+	- putty 0.84-1
+	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
+	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html
+	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=64712be3cbc4a02bda4a92ca97e8d4f294abbe9a (0.84)
 CVE-2026-48850 (PuTTY 0.72 before 0.84 has a double free in RSA KEX.)
-	TODO: check
+	- putty 0.84-1
+	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
+	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsakex-double-free.html
+	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=ba3ed53e0bf6682f89940bc2c3e83da6b1524024 (0.84)
 CVE-2026-48837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45438 (Missing Authorization vulnerability in WebToffee Smart Coupons for Woo ...)
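Review bot: The three PuTTY entries (CVE-2026-48852, CVE-2026-48851, CVE-2026-48850) record only the fixed version, `- putty 0.84-1`, although their descriptions give three different first-affected versions (0.71, 0.77 and 0.72). Consider adding a NOTE to each entry with the introducing version or upstream commit, alongside the existing "Fixed by:" NOTE. That would let any suite shipping a putty older than the relevant lower bound be triaged as not-affected from the entry itself, without re-reading the upstream wishlist pages. The same announcement URL is repeated under all three entries, which is fine, since it keeps each entry self-contained.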



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c36be1758724ea7ea1f7e076906bb0011a7dd456



More information about the debian-security-tracker-commits mailing list