Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 6 Aug 2013 13:56:10 -0600
From: Vincent Danen <>
Subject: CVE request: three additional flaws fixed in putty 0.63

There seem to be some CVEs needed for putty 0.63 due to some other fixes
that were fixed alongside CVE-2013-4852:

* a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication:

* A buffer overflow vulnerability in the calculation of modular inverses when verifying a DSA signature:

* Private keys left in memory after being used by PuTTY tools:

I can't see any CVE references so I suspect there are none.

Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ