Tracker »

Bug 1039 – Upgrade to PuTTY 0.63

No search results available

Summary: Upgrade to PuTTY 0.63

Component: General

Version: Unspecified

OS: Unspecified

Severity: Enhancement

Priority: High

Implemented/Fixed in: 5.1.7

Resolution: FIXED

Status: RESOLVED

Votes: 0

Last modified: 2013-08-13 18:36
View Bug Activity

Description
2013-08-13 18:23

https://winscp.net/forum/viewtopic.php?t=12746

Comment #1
2013-08-13 18:29

Changes in PuTTY 0.63:
- Four security fixes:
- vuln-modmul, vuln-bignum-division-by-zero, private-key-not-wiped: The fix will be included in WinSCP 5.1.7 and WinSCP 5.2.4 beta
- vuln-signature-stringlen: Is fixed in WinSCP 5.1.6 and WinSCP 5.2.2 beta
- Port-forwarding fix: Planned to be fixed in WinSCP 5.2.4 beta or later
- The remaining changes are irrelevant to WinSCP or internal only

Comment #2
2013-08-13 18:30

Vulnerabilities fixed

Comment #3
2013-08-13 18:32

See Bug 1017 for vuln-signature-stringlen vulnerability.

Comment #4
2013-08-13 18:33

References for other three vulnerabilities:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html

Comment #5
2013-08-13 18:36

Bundled private key tools (PuTTYgen and Pageant) will be upgraded to 0.63 with WinSCP 5.1.7 and WinSCP 5.2.4 beta.