Package : putty Version : 0.60+2010-02-20-1+squeeze3 CVE ID : CVE-2015-2157 Debian Bug : 779488 MATTA-2015-002 Florent Daigniere discovered that PuTTY did not enforce an acceptable range for the Diffie-Hellman server value, as required by RFC 4253, potentially allowing an eavesdroppable connection to be established in the event of a server weakness. #779488 CVE-2015-2157 Patrick Coleman discovered that PuTTY did not clear SSH-2 private key information from memory when loading and saving key files, which could result in disclosure of private key material. -- Colin Watson [cjwatson@debian.org]
Attachment:
signature.asc
Description: Digital signature