diff -Nru putty-0.63/debian/changelog putty-0.63/debian/changelog --- putty-0.63/debian/changelog 2014-10-12 15:47:43.000000000 -0400 +++ putty-0.63/debian/changelog 2015-06-22 14:13:52.000000000 -0400 @@ -1,3 +1,15 @@ +putty (0.63-8ubuntu0.1) utopic-security; urgency=medium + + * SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from + system memory, which can allow local users to obtain sensitive information + by reading the memory. + - debian/patches/private-key-not-wiped-2.patch: Add in fix patch from + Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original + patch. + - CVE-2015-2157 + + -- Thomas Ward Mon, 22 Jun 2015 14:12:25 -0400 + putty (0.63-8) unstable; urgency=medium * Backport from upstream (Simon Tatham), suggested by Jacob Nevins: diff -Nru putty-0.63/debian/control putty-0.63/debian/control --- putty-0.63/debian/control 2014-10-12 15:43:24.000000000 -0400 +++ putty-0.63/debian/control 2015-06-22 14:13:18.000000000 -0400 @@ -1,7 +1,8 @@ Source: putty Section: net Priority: optional -Maintainer: Colin Watson +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Colin Watson Standards-Version: 3.5.9 Build-Depends: dpkg-dev (>= 1.15.7~), debhelper (>= 9~), dh-autoreconf, pkg-config, libgtk2.0-dev, x11proto-core-dev, libx11-dev, imagemagick, python Vcs-Git: git://anonscm.debian.org/pkg-ssh/putty.git diff -Nru putty-0.63/debian/patches/private-key-not-wiped-2.patch putty-0.63/debian/patches/private-key-not-wiped-2.patch --- putty-0.63/debian/patches/private-key-not-wiped-2.patch 1969-12-31 19:00:00.000000000 -0500 +++ putty-0.63/debian/patches/private-key-not-wiped-2.patch 2015-06-22 14:11:54.000000000 -0400 @@ -0,0 +1,70 @@ +From ec231f1fb9e91c21cc24fd0ce731d9bee7218613 Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sun, 1 Mar 2015 12:55:31 +0000 +Subject: Add some missing smemclrs and sfrees. + +The absence of these could have prevented sensitive private key +information from being properly cleared out of memory that PuTTY tools +had finished with. + +Thanks to Patrick Coleman for spotting this and sending a patch. + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=65f69bca7363ceceeac515ae2a82b8f8adc6404d +Bug: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html +Bug-Debian: http://bugs.debian.org/779488 + +Patch-Name: private-key-not-wiped-2.patch +--- + sshpubk.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/sshpubk.c b/sshpubk.c +index 8cb4bf1..753370d 100644 +--- a/sshpubk.c ++++ b/sshpubk.c +@@ -844,6 +844,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, + goto error; + } + sfree(public_blob); ++ smemclr(private_blob, private_blob_len); + sfree(private_blob); + sfree(encryption); + if (errorstr) +@@ -864,8 +865,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, + sfree(mac); + if (public_blob) + sfree(public_blob); +- if (private_blob) +- sfree(private_blob); ++ if (private_blob) { ++ smemclr(private_blob, private_blob_len); ++ sfree(private_blob); ++ } + if (errorstr) + *errorstr = error; + return ret; +@@ -1154,8 +1157,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key, + } + + fp = f_open(filename, "w", TRUE); +- if (!fp) +- return 0; ++ if (!fp) { ++ sfree(pub_blob); ++ smemclr(priv_blob, priv_blob_len); ++ sfree(priv_blob); ++ smemclr(priv_blob_encrypted, priv_blob_len); ++ sfree(priv_blob_encrypted); ++ return 0; ++ } + fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name); + fprintf(fp, "Encryption: %s\n", cipherstr); + fprintf(fp, "Comment: %s\n", key->comment); +@@ -1172,6 +1181,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key, + sfree(pub_blob); + smemclr(priv_blob, priv_blob_len); + sfree(priv_blob); ++ smemclr(priv_blob_encrypted, priv_blob_len); + sfree(priv_blob_encrypted); + return 1; + } diff -Nru putty-0.63/debian/patches/series putty-0.63/debian/patches/series --- putty-0.63/debian/patches/series 2014-10-12 15:43:25.000000000 -0400 +++ putty-0.63/debian/patches/series 2015-06-22 14:11:54.000000000 -0400 @@ -8,3 +8,4 @@ gtk-timer-leak-1.patch gtk-timer-leak-2.patch dynamic-tunnel-session.patch +private-key-not-wiped-2.patch