* SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from
system memory, which can allow local users to obtain sensitive information
by reading the memory. (LP: #1467631)
- debian/patches/private-key-not-wiped-2.patch: Add in fix patch from
Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original
patch.
- CVE-2015-2157
-- Thomas Ward <email address hidden> Mon, 22 Jun 2015 14:12:25 -0400
This bug was fixed in the package putty - 0.63-8ubuntu0.1
---------------
putty (0.63-8ubuntu0.1) utopic-security; urgency=medium
* SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from patches/ private- key-not- wiped-2. patch: Add in fix patch from
system memory, which can allow local users to obtain sensitive information
by reading the memory. (LP: #1467631)
- debian/
Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original
patch.
- CVE-2015-2157
-- Thomas Ward <email address hidden> Mon, 22 Jun 2015 14:12:25 -0400