-rw-r--r-- | security/putty/Makefile | 3 | ||||
-rw-r--r-- | security/putty/distinfo | 4 | ||||
-rw-r--r-- | security/putty/files/patch-timing.c | 11 | ||||
-rw-r--r-- | security/vuxml/vuln.xml | 42 |
4 files changed, 45 insertions, 15 deletions
diff --git a/security/putty/Makefile b/security/putty/Makefile
index d4943d9411bf..123ed2f3396a 100644
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@@ -1,8 +1,7 @@
 # $FreeBSD$
 PORTNAME= putty
-PORTVERSION= 0.62
-PORTREVISION= 3
+PORTVERSION= 0.63
 CATEGORIES= security ipv6
 MASTER_SITES= http://the.earth.li/~sgtatham/putty/%SUBDIR%/ \
 ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/
diff --git a/security/putty/distinfo b/security/putty/distinfo
index db46399add4b..c1af5f4e9767 100644
--- a/security/putty/distinfo
+++ b/security/putty/distinfo
@@ -1,2 +1,2 @@
-SHA256 (putty-0.62.tar.gz) = 8d187e86ee18c839895d263607b61788778564e3720e8d85c5305a04f9da0573
-SIZE (putty-0.62.tar.gz) = 1783106
+SHA256 (putty-0.63.tar.gz) = 81e8eaaf31be7d9a46b4f3fb80d1d9540776f142cd89d0a11f2f8082dc68f8b5
+SIZE (putty-0.63.tar.gz) = 1887913
diff --git a/security/putty/files/patch-timing.c b/security/putty/files/patch-timing.c
deleted file mode 100644
index 507d1f7d1b1c..000000000000
--- a/security/putty/files/patch-timing.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- ../timing.c.orig 2011-07-17 13:40:59.000000000 +0200
-+++ ../timing.c 2011-07-17 13:41:13.000000000 +0200
-@@ -41,7 +41,7 @@
- * Failing that, compare on the other two fields, just so that
- * we don't get unwanted equality.
- */
--#ifdef __LCC__
-+#if defined(__LCC__) || defined(__clang__)
- /* lcc won't let us compare function pointers. Legal, but annoying. */
- {
- int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 57ec00ffccde..238415fb21dd 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,48 @@ Note: Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4b448a96-ff73-11e2-b28d-080027ef73ec">
+ <topic>PuTTY -- Four security holes in versions before 0.63</topic>
+ <affects>
+ <package>
+ <name>putty</name>
+ <range><lt>0.63</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Simon Tatham reports:</p>
+ <blockquote cite="http://lists.tartarus.org/pipermail/putty-announce/2013/000018.html">
+ <p>This [0.63] release fixes multiple security holes in previous versions of
+ PuTTY, which can allow an SSH-2 server to make PuTTY overrun or
+ underrun buffers and crash. [...]
+ </p><p>
+ These vulnerabilities can be triggered before host key verification,
+ which means that you are not even safe if you trust the server you
+ <em>think</em> you're connecting to, since it could be spoofed over the
+ network and the host key check would not detect this before the attack
+ could take place.
+ </p><p>
+ Additionally, when PuTTY authenticated with a user's private key, the
+ private key or information equivalent to it was accidentally kept in
+ PuTTY's memory for the rest of its run, where it could be retrieved by
+ other processes reading PuTTY's memory, or written out to swap files
+ or crash dumps. This release fixes that as well.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-4206</cvename>
+ <cvename>CVE-2013-4207</cvename>
+ <cvename>CVE-2013-4208</cvename>
+ <cvename>CVE-2013-4852</cvename>
+ </references>
+ <dates>
+ <discovery>2013-07-08</discovery>
+ <entry>2013-08-07</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="e6839625-fdfa-11e2-9430-20cf30e32f6d">
 <topic>typo3 -- Multiple vulnerabilities in TYPO3 Core</topic>
 <affects> |
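Review bot: The new entry's `<references>` block carries only the four `<cvename>` items, so the upstream announcement is reachable only through the `cite` attribute on the blockquote. Adding `<url>http://lists.tartarus.org/pipermail/putty-announce/2013/000018.html</url>` inside `<references>` would give anyone triaging an audit hit a direct link to the advisory. The description also never says which CVE is which of the "Four security holes" in the topic, and the quote is elided at `[...]`. One sentence mapping the buffer overrun/underrun issues and the private-key-retention issue to their CVE names would help a reader judge exposure, especially since the quoted text says the memory-safety bugs can be triggered before host key verification.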