Tracker »
Issue 1039 »
Issue activity log
| 2013-08-13 18:23 | Created | Upgrade to PuTTY 0.63 |
| Component | General | |
| Severity | Enhancement | |
| Comment | https://winscp.net/forum/viewtopic.php?t=12746 | |
| 2013-08-13 18:29 | Priority | High |
| Comment | Changes in PuTTY 0.63: - Four security fixes: - vuln-modmul, vuln-bignum-division-by-zero, private-key-not-wiped: The fix will be included in WinSCP 5.1.7 and WinSCP 5.2.4 beta - vuln-signature-stringlen: Is fixed in WinSCP 5.1.6 and WinSCP 5.2.2 beta - Port-forwarding fix: Planned to be fixed in WinSCP 5.2.4 beta or later - The remaining changes are irrelevant to WinSCP or internal only |
|
| 2013-08-13 18:30 | Status | RESOLVED |
| Implemented in | 5.1.7 | |
| Resolution | FIXED | |
| Comment | Vulnerabilities fixed | |
| 2013-08-13 18:32 | Comment | See Issue 1017 for vuln-signature-stringlen vulnerability. |
| 2013-08-13 18:33 | Comment | References for other three vulnerabilities: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html |
| 2013-08-13 18:36 | Comment | Bundled private key tools (PuTTYgen and Pageant) will be upgraded to 0.63 with WinSCP 5.1.7 and WinSCP 5.2.4 beta. |
| 2022-10-01 08:18 | Comment | Changes in PuTTY 0.63:· -1. Four security fixes:· -– vuln-modmul, vuln-bignum-division-by-zero, private-key-not-wiped: The fix will be included in WinSCP 5.1.7 and WinSCP 5.2.4 beta · -– vuln-signature-stringlen: Is fixed in WinSCP 5.1.6 and WinSCP 5.2.2 beta· -2. Port-forwarding fix: Planned to be fixed in WinSCP 5.2.4 beta or later· -3. The remaining changes are irrelevant to WinSCP or internal only |
| 2024-12-26 07:57 | Implemented in (2nd) | 5.2.4 |