[Buildroot] [PATCH] putty: security bump to version 0.71
Peter Korsgaard
peter at korsgaard.com
Thu Mar 28 09:30:42 UTC 2019
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> CVE-2019-9894: A remotely triggerable memory overwrite in RSA key
> exchange can occur before host key verification.
> CVE-2019-9895: A remotely triggerable buffer overflow exists in any kind
> of server-to-client forwarding.
> CVE-2019-9897: Multiple denial-of-service attacks that can be triggered
> by writing to the terminal.
> CVE-2019-9898: Potential recycling of random numbers used in
> cryptography.
> Disable static build for now. When building statically configure defines
> NO_GSSAPI. Build with NO_GSSAPI is currently broken. The issue has been
> reported upstream.
> Cc: Alexander Dahl <post at lespocky.de>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2018.02.x, 2018.11.x and 2019.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list