Branches for Squeeze

Author: Colin Watson
Revision Date: 2013-08-08 23:37:19 UTC

* CVE-2011-4607: Passwords were left in memory using SSH
  keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.