projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b386e15) | patch
putty: security bump to version 0.71
authorBaruch Siach <baruch@tkos.co.il>
Sun, 24 Mar 2019 19:21:13 +0000 (21:21 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Sun, 24 Mar 2019 22:05:20 +0000 (23:05 +0100)
commitb6f47c0a4327074c0aff80cc2b2e22e5c8eef692
tree9af485873b0ca0d1d8e46cca0c08728bb5928cdetree
parentb386e153958ece9a497efd4e27e7bd7657141c64commit | diff
putty: security bump to version 0.71

CVE-2019-9894: A remotely triggerable memory overwrite in RSA key
exchange can occur before host key verification.

CVE-2019-9895: A remotely triggerable buffer overflow exists in any kind
of server-to-client forwarding.

CVE-2019-9897: Multiple denial-of-service attacks that can be triggered
by writing to the terminal.

CVE-2019-9898: Potential recycling of random numbers used in
cryptography.

Disable static build for now. When building statically configure defines
NO_GSSAPI. Build with NO_GSSAPI is currently broken. The issue has been
reported upstream.

Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/putty/Config.in diff | blob | history
package/putty/putty.hash diff | blob | history
package/putty/putty.mk diff | blob | history