Bug activity log

2013-08-13 18:23 Created Upgrade to PuTTY 0.63
Component General
Severity Enhancement
Comment https://winscp.net/forum/viewtopic.php?t=12746
2013-08-13 18:29 Priority High
Comment Changes in PuTTY 0.63:
- Four security fixes:
- vuln-modmul, vuln-bignum-division-by-zero, private-key-not-wiped: The fix will be included in WinSCP 5.1.7 and WinSCP 5.2.4 beta
- vuln-signature-stringlen: Is fixed in WinSCP 5.1.6 and WinSCP 5.2.2 beta
- Port-forwarding fix: Planned to be fixed in WinSCP 5.2.4 beta or later
- The remaining changes are irrelevant to WinSCP or internal only
2013-08-13 18:30 Status RESOLVED
Implemented in 5.1.7
Resolution FIXED
Comment Vulnerabilities fixed
2013-08-13 18:32 Comment See Bug 1017 for vuln-signature-stringlen vulnerability.
2013-08-13 18:33 Comment References for other three vulnerabilities:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
2013-08-13 18:36 Comment Bundled private key tools (PuTTYgen and Pageant) will be upgraded to 0.63 with WinSCP 5.1.7 and WinSCP 5.2.4 beta.
2022-10-01 08:18 Comment Changes in PuTTY 0.63:·  -1. Four security fixes:·  - vuln-modmul, vuln-bignum-division-by-zero, private-key-not-wiped: The fix will be included in WinSCP 5.1.7 and WinSCP 5.2.4 beta ·  - vuln-signature-stringlen: Is fixed in WinSCP 5.1.6 and WinSCP 5.2.2 beta·  -2. Port-forwarding fix: Planned to be fixed in WinSCP 5.2.4 beta or later·  -3. The remaining changes are irrelevant to WinSCP or internal only