id: 8826
summary: More security issues in putty (CVE-2013-4206, CVE-2013-4207, CVE-2013-4208)
reporter: oden
owner:
type: Bug report
status: closed
priority: high
component: FileZilla Client
resolution: fixed
keywords:
cc:
component_version:
os: Linux
os_version:

description:

Reference: http://www.openwall.com/lists/oss-security/2013/08/06/13

"On 08/06/2013 01:56 PM, Vincent Danen wrote:
> There seem to be some CVEs needed for putty 0.63 due to some other
> fixes that were fixed alongside CVE-2013-4852:
>
> * a heap-corrupting buffer underrun bug in the modmul function
> which performs modular multiplication:
> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
>
> http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977

Please use CVE-2013-4206 for this issue.

> * A buffer overflow vulnerability in the calculation of modular
> inverses when verifying a DSA signature:
> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
>
> http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996

Please use CVE-2013-4207 for this issue.

> * Private keys left in memory after being used by PuTTY tools:
> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
>
> http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988

Please use CVE-2013-4208 for this issue."