Date: Tue, 6 Aug 2013 13:56:10 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: three additional flaws fixed in putty 0.63

There seem to be some CVEs needed for putty 0.63 due to some other fixes that were fixed alongside CVE-2013-4852:

* a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977

* A buffer overflow vulnerability in the calculation of modular inverses when verifying a DSA signature:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996

* Private keys left in memory after being used by PuTTY tools:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988

I can't see any CVE references so I suspect there are none.

--
Vincent Danen / Red Hat Security Response Team