lp:debian/squeeze/putty

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #212711: Assertion failure when appending to log file

Undecided

Fix Committed

Link a bug report

Related blueprints

13. By Colin Watson on 2013-08-08

* CVE-2011-4607: Passwords were left in memory using SSH
  keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

12. By Colin Watson on 2010-02-22

* New experimental development snapshot.
  - Console utilities send prompts to /dev/tty or failing that stderr, not
    to stdout (closes: #422295).
* Upgrade to debhelper v7.
* Move documentation from putty-tools to a new putty-doc package (closes:
  #472195).
* Add a watch file.
* Convert to source format 3.0 (quilt). No remaining Debian patches!

11. By Colin Watson on 2010-01-01

* New experimental development snapshot.
* Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.

10. By Colin Watson on 2009-11-23

Use x11.pc when compiling/linking against GTK (closes: #556125).

9. By Colin Watson on 2009-09-07

* Rebuild manual pages with halibut 1.0+svn20090906-1, fixing option
  markers (see #496063).
* Stop calling dh_desktop, as it's now a no-op thanks to dpkg triggers.

8. By Colin Watson on 2009-04-05

* New experimental development snapshot.
  - Stop attempting to make session logs private on Unix. This was
    introduced in r7084 at the same time as sensible permissions when
    writing private key files; however, it causes an assertion failure
    whenever an attempt is made to append to an existing log file on Unix,
    and it's not clear what "is_private" *should* do for append, so revert
    to log file security being the user's responsibility (LP: #212711).
  - Cope with GTK+ 2.0 encoding keypress strings in the current locale
    rather than in ISO-8859-1 (closes: #517535).

7. By Colin Watson on 2009-02-23

* New experimental development snapshot.
  - Uses GTK+ 2.0 (closes: #516641, LP: #271277) and as a result supports
    Unicode window titles (LP: #48781).
  - Fixes handling of trailing CR in key files (closes: #414784).
* Disabled upstream Kerberos support for now, as it produces unwanted
  linkage in pterm and other binaries.

6. By Colin Watson on 2008-11-16

* Build-depend on x11proto-core-dev rather than x-dev (thanks, Lintian).
* Backport from upstream (r8150, Jacob Nevins; closes: #503186,
  LP: #67488):
  - Fix for portfwd-addr-family: on Unix, when a tunnel is specified as
    "Auto" (rather than IPv4 or IPv6-only; this is the default), try to
    open up listening sockets on both address families, rather than
    (unhelpfully) just IPv6. (And don't open one if the other can't be
    bound, in a nod to CVE-2008-1483.) Based on a patch from Ben A L
    Jemmett.
* Avoid problems with the -D_FORTIFY_SOURCE=2 default on Ubuntu by
  explicitly ignoring results from a number of calls to read, write, and
  fwrite. (This is pretty ham-handed and I've asked upstream whether they
  have any better ideas for any of these.)

5. By Colin Watson on 2008-05-28

* Move putty to Applications/Network/Communication menu sub-section.
* Use dh_desktop.

4. By Colin Watson on 2006-07-17

Remove Icon= from putty and pterm desktop files, as there are no icons
yet.