Information on source package putty

Available versions

ReleaseVersion
jessie0.63-10+deb8u1
jessie (security)0.63-10+deb8u2
stretch0.67-3+deb9u1
buster0.70-6
bullseye0.73-1
sid0.73-1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-9895vulnerable (no DSA, ignored)fixedfixedfixedfixedIn PuTTY versions before 0.71 on Unix, a remotely triggerable buffer o ...
CVE-2017-6542vulnerable (no DSA)fixedfixedfixedfixedThe ssh_agent_channel_data function in PuTTY before 0.68 allows remote ...
CVE-2016-2563vulnerable (no DSA)fixedfixedfixedfixedStack-based buffer overflow in the SCP command-line utility in PuTTY b ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-17069vulnerablevulnerablevulnerablefixedfixedPuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...

Resolved issues

BugDescription
TEMP-0000000-F707E4MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value
CVE-2019-9898Potential recycling of random numbers used in cryptography exists with ...
CVE-2019-9897Multiple denial-of-service attacks that can be triggered by writing to ...
CVE-2019-9896In PuTTY versions before 0.71 on Windows, local attackers could hijack ...
CVE-2019-9894A remotely triggerable memory overwrite in RSA key exchange in PuTTY b ...
CVE-2019-17068PuTTY before 0.73 mishandles the "bracketed paste mode" protection mec ...
CVE-2019-17067PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...
CVE-2016-6167Multiple untrusted search path vulnerabilities in Putty beta 0.67 allo ...
CVE-2015-5309Integer overflow in the terminal emulator in PuTTY before 0.66 allows ...
CVE-2015-2157The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY ...
CVE-2013-4852Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and o ...
CVE-2013-4208The rsa_verify function in PuTTY before 0.63 (1) does not clear sensit ...
CVE-2013-4207Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH serv ...
CVE-2013-4206Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY ...
CVE-2011-4607PuTTY 0.59 through 0.61 does not clear sensitive process memory when m ...
CVE-2006-7162PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files co ...
CVE-2005-0467Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_r ...
CVE-2004-1440Multiple heap-based buffer overflows in the modpow function in PuTTY b ...
CVE-2004-1008Integer signedness error in the ssh2_rdpkt function in PuTTY before 0. ...
CVE-2003-0069The PuTTY terminal emulator 0.53 allows attackers to modify the window ...
CVE-2003-0048PuTTY 0.53b and earlier does not clear logon credentials from memory, ...

Security announcements

DSA / DLADescription
DLA-1763-1putty - security update
DSA-4423-1putty - security update
DSA-3409-1putty - security update
DLA-347-1putty - security update
DSA-3190-1putty - security update
DLA-173-1putty - security update
DSA-2736-1putty - several

Search for package or bug name: Reporting problems