Web lists-archives.com

Re: terminal with right-click = paste?




Lee wrote: 
> On 4/10/19, Peter Wiersig <peter@xxxxxxxxxxxxxxx> wrote:
> > Lee <ler762@xxxxxxxxx> writes:
> >
> > Package: putty (0.67-3+deb9u1)
> > Telnet/SSH client for X
> >
> > https://packages.debian.org/stretch/putty
> 
> Now there's a blast from the past!  I used to love putty but $WORK
> decided using it was a no-no.  In any case,
> https://www.chiark.greenend.org.uk/~sgtatham/putty/
>  2019-03-16 PuTTY 0.71 released
> PuTTY 0.71, released today, includes a large number of security fixes,
> many of which were found by the recent EU-funded HackerOne bug bounty.
> 
> How does one tell if putty (0.67-3+deb9u1) has all the security fixes
> that are in 0.71?

Excellent question.

https://packages.debian.org/search?suite=all&searchon=names&keywords=putty

can send you to

https://metadata.ftp-master.debian.org/changelogs//main/p/putty/putty_0.67-3+deb9u1_changelog

which has this as the most recent entry:

putty (0.67-3+deb9u1) stretch-security; urgency=high

  * Backport security fixes from 0.71:
    - In random_add_noise, put the hashed noise into the pool,
      not the raw
      noise.
    - New facility for removing pending toplevel callbacks.
    - CVE-2019-9898: Fix one-byte buffer overrun in
      random_add_noise().
    - uxnet: clean up callbacks when closing a NetSocket.
    - sk_tcp_close: fix memory leak of output bufchain.
    - Fix handling of bad RSA key with n=p=q=0.
    - Sanity-check the 'Public-Lines' field in ppk files.
    - Introduce an enum of the uxsel / select_result flags.
    - CVE-2019-9895: Switch to using poll(2) in place of
      select(2).
    - CVE-2019-9894: RSA kex: enforce the minimum key length.
    - CVE-2019-9897: Fix crash on ESC#6 + combining chars + GTK
      + odd-width
      terminal.
    - CVE-2019-9897: Limit the number of combining chars per
      terminal cell.
    - minibidi: fix read past end of line in rule W5.
    - CVE-2019-9897: Fix crash printing a width-2 char in a
      width-1
      terminal.

 -- Colin Watson <cjwatson@xxxxxxxxxx>  Tue, 02 Apr 2019
19:32:53 +0100