Now
MAIN commitmail json YAML
pkgsrc/security/putty/Makefile@1.59
/
diff
pkgsrc/security/putty/distinfo@1.27 / diff
pkgsrc/security/putty/patches/patch-ldisc.c@1.3 / diff
pkgsrc/security/putty/patches/patch-timing.c@1.3 / diff
pkgsrc/security/putty/patches/patch-unix_uxucs.c@1.3 / diff
pkgsrc/security/putty/distinfo@1.27 / diff
pkgsrc/security/putty/patches/patch-ldisc.c@1.3 / diff
pkgsrc/security/putty/patches/patch-timing.c@1.3 / diff
pkgsrc/security/putty/patches/patch-unix_uxucs.c@1.3 / diff
Update to 0.73
Changelog:
Vulnerabilities fixed in this release include:
- On Windows, the listening sockets used for local port forwarding
were opened in a mode that did not prevent other processes from
also listening on the same ports and stealing some of the incoming
connections.
- In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
a way that made the pasted data look like manual keyboard input. So
any application relying on the bracketing sequences to protect
against malicious clipboard contents would have been misled.
- An SSH-1 server could trigger an access to freed memory by sending
the SSH1_MSG_DISCONNECT message. Not known to be exploitable.
Other bug fixes include:
- Windows Plink no longer crashes on startup when it tries to tell
you it's reusing an existing SSH connection.
- Windows PuTTY now updates its terminal window size correctly if the
screen resolution changes while it's maximised.
- If you display the coloured error messages from gcc in the PuTTY
terminal, there is no longer a missing character if a colour change
happens exactly at the end of a line.
- If you use the 'Clear Scrollback' menu option or escape sequence
while text in the scrollback is selected, it no longer causes an
assertion failure.
Changelog:
Vulnerabilities fixed in this release include:
- On Windows, the listening sockets used for local port forwarding
were opened in a mode that did not prevent other processes from
also listening on the same ports and stealing some of the incoming
connections.
- In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
a way that made the pasted data look like manual keyboard input. So
any application relying on the bracketing sequences to protect
against malicious clipboard contents would have been misled.
- An SSH-1 server could trigger an access to freed memory by sending
the SSH1_MSG_DISCONNECT message. Not known to be exploitable.
Other bug fixes include:
- Windows Plink no longer crashes on startup when it tries to tell
you it's reusing an existing SSH connection.
- Windows PuTTY now updates its terminal window size correctly if the
screen resolution changes while it's maximised.
- If you display the coloured error messages from gcc in the PuTTY
terminal, there is no longer a missing character if a colour change
happens exactly at the end of a line.
- If you use the 'Clear Scrollback' menu option or escape sequence
while text in the scrollback is selected, it no longer causes an
assertion failure.