Date: Tue, 6 Aug 2013 13:56:10 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: three additional flaws fixed in putty 0.63

There seem to be some CVEs needed for putty 0.63 due to some other fixes that were fixed alongside CVE-2013-4852:

* a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication:

  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977

* A buffer overflow vulnerability in the calculation of modular inverses when verifying a DSA signature:

  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996

* Private keys left in memory after being used by PuTTY tools:

  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988

I can't see any CVE references so I suspect there are none.

--
Vincent Danen / Red Hat Security Response Team