PuTTY 0.73 is released
anakin at pobox.com
Sun Sep 29 16:19:14 BST 2019
PuTTY version 0.73 is released
All the pre-built binaries, and the source code, are now available
from the PuTTY website at
This is a SECURITY UPDATE, fixing minor vulnerabilities affecting port
forwarding on Windows; bracketed paste mode in the terminal; and any
use of SSH-1. We recommend that anyone using those features should
Vulnerabilities fixed in this release include:
- On Windows, the listening sockets used for local port forwarding
were opened in a mode that did not prevent other processes from
also listening on the same ports and stealing some of the incoming
- In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
a way that made the pasted data look like manual keyboard input. So
any application relying on the bracketing sequences to protect
against malicious clipboard contents would have been misled.
- An SSH-1 server could trigger an access to freed memory by sending
the SSH1_MSG_DISCONNECT message. Not known to be exploitable.
Other bug fixes include:
- Windows Plink no longer crashes on startup when it tries to tell
you it's reusing an existing SSH connection.
- Windows PuTTY now updates its terminal window size correctly if the
screen resolution changes while it's maximised.
- If you display the coloured error messages from gcc in the PuTTY
terminal, there is no longer a missing character if a colour change
happens exactly at the end of a line.
- If you use the 'Clear Scrollback' menu option or escape sequence
while text in the scrollback is selected, it no longer causes an
Enjoy using PuTTY!
import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1(
,0xa54d9cbe4e8ab,0x746c50eaa1910, "Simon Tatham <anakin at pobox.com>" ))
More information about the PuTTY-announce