| 2015-06-22 18:21:01 |
Thomas Ward |
bug |
|
|
added bug |
| 2015-06-22 18:22:33 |
Thomas Ward |
attachment added |
|
CVE-2015-2157 DebDiff for Trusty https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1467631/+attachment/4418835/+files/cve-2015-2157_trusty.debdiff |
|
| 2015-06-22 18:22:54 |
Thomas Ward |
attachment added |
|
CVE-2015-2157 DebDiff for Utopic https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1467631/+attachment/4418836/+files/cve-2015-2157_utopic.debdiff |
|
| 2015-06-22 18:26:52 |
Thomas Ward |
cve linked |
|
2015-2157 |
|
| 2015-06-22 18:27:11 |
Thomas Ward |
nominated for series |
|
Ubuntu Utopic |
|
| 2015-06-22 18:27:11 |
Thomas Ward |
nominated for series |
|
Ubuntu Precise |
|
| 2015-06-22 18:27:11 |
Thomas Ward |
nominated for series |
|
Ubuntu Trusty |
|
| 2015-06-22 18:27:50 |
Thomas Ward |
description |
It was found that:
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51
through 0.63 do not properly wipe SSH-2 private keys from memory, which
allows local users to obtain sensitive information by reading the memory.
(This information is from the Ubuntu CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2157.html)
------
This CVE has been fixed with Upstream 0.64.
This issue does not affect Vivid or Wily.
------
This bug is being created in order to track fix status in Ubuntu packages. "Low" severity was set based on the CVE severity. "Confirmed" status was set because this is a publicly confirmed bug thanks to the CVE. |
It was found that:
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51
through 0.63 do not properly wipe SSH-2 private keys from memory, which
allows local users to obtain sensitive information by reading the memory.
(This information is from the Ubuntu CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2157.html)
------
This CVE has been fixed with Upstream 0.64.
This issue does not affect Vivid or Wily.
This issue affects Precise, Trusty, and Utopic.
------
This bug is being created in order to track fix status in Ubuntu packages. "Low" severity was set based on the CVE severity. "Confirmed" status was set because this is a publicly confirmed bug thanks to the CVE. |
|
| 2015-06-22 18:28:09 |
Thomas Ward |
description |
It was found that:
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51
through 0.63 do not properly wipe SSH-2 private keys from memory, which
allows local users to obtain sensitive information by reading the memory.
(This information is from the Ubuntu CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2157.html)
------
This CVE has been fixed with Upstream 0.64.
This issue does not affect Vivid or Wily.
This issue affects Precise, Trusty, and Utopic.
------
This bug is being created in order to track fix status in Ubuntu packages. "Low" severity was set based on the CVE severity. "Confirmed" status was set because this is a publicly confirmed bug thanks to the CVE. |
It was found that:
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
(This information is from the Ubuntu CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2157.html)
------
This CVE has been fixed with Upstream 0.64.
This issue does not affect Vivid or Wily.
This issue affects Precise, Trusty, and Utopic.
------
This bug is being created in order to track fix status in Ubuntu packages. "Low" severity was set based on the CVE severity. "Confirmed" status was set because this is a publicly confirmed bug thanks to the CVE. |
|
| 2015-06-22 18:29:50 |
Marc Deslauriers |
bug task added |
|
putty (Ubuntu Precise) |
|
| 2015-06-22 18:29:56 |
Marc Deslauriers |
bug task added |
|
putty (Ubuntu Utopic) |
|
| 2015-06-22 18:30:01 |
Marc Deslauriers |
bug task added |
|
putty (Ubuntu Trusty) |
|
| 2015-06-22 18:30:09 |
Thomas Ward |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2015-06-22 18:31:34 |
Thomas Ward |
putty (Ubuntu Precise): status |
New |
Confirmed |
|
| 2015-06-22 18:31:35 |
Thomas Ward |
putty (Ubuntu Trusty): status |
New |
Confirmed |
|
| 2015-06-22 18:31:37 |
Thomas Ward |
putty (Ubuntu Utopic): status |
New |
Confirmed |
|
| 2015-06-22 18:31:40 |
Thomas Ward |
putty (Ubuntu Precise): importance |
Undecided |
Low |
|
| 2015-06-22 18:31:43 |
Thomas Ward |
putty (Ubuntu Utopic): importance |
Undecided |
Low |
|
| 2015-06-22 18:31:45 |
Thomas Ward |
putty (Ubuntu Trusty): importance |
Undecided |
Low |
|
| 2015-06-22 18:37:51 |
Thomas Ward |
putty (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2015-06-23 01:09:18 |
Thomas Ward |
attachment added |
|
CVE-2015-2157 DebDiff for Precise - Needs Additional Review! https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1467631/+attachment/4418946/+files/cve-2015-2157_precise.debdiff |
|
| 2015-06-23 11:42:32 |
Marc Deslauriers |
putty (Ubuntu Trusty): status |
Confirmed |
Fix Committed |
|
| 2015-06-23 11:42:34 |
Marc Deslauriers |
putty (Ubuntu Utopic): status |
Confirmed |
Fix Committed |
|
| 2015-06-23 12:07:16 |
Marc Deslauriers |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789686 |
|
| 2015-06-23 12:10:48 |
Thomas Ward |
attachment removed |
CVE-2015-2157 DebDiff for Precise - Needs Additional Review! https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1467631/+attachment/4418946/+files/cve-2015-2157_precise.debdiff |
|
|
| 2015-06-23 12:29:16 |
Launchpad Janitor |
putty (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2015-06-23 12:35:20 |
Launchpad Janitor |
putty (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
| 2015-06-23 12:54:35 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-security/putty |
|
| 2015-06-23 12:54:44 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/utopic/putty/utopic-security |
|
| 2015-06-23 13:11:12 |
Marc Deslauriers |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
| 2017-02-08 16:42:46 |
jorge |
putty (Ubuntu Precise): status |
Confirmed |
Fix Committed |
|
| 2017-02-08 16:42:49 |
jorge |
putty (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2017-02-09 00:24:49 |
Colin Watson |
putty (Ubuntu Precise): status |
Fix Released |
Confirmed |
|
| 2021-10-14 05:02:49 |
Steve Langasek |
putty (Ubuntu Precise): status |
Confirmed |
Won't Fix |
|
