simon-git: putty-wishlist (master): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Thu Mar 21 07:16:54 GMT 2019
TL;DR:
eeab3f7 New pseudo-HTML tag <cve>.
d1457d1 Use the new <cve> tag in all existing cases.
bc1221c Add CVE entries for new vulnerabilities.
Repository: https://git.tartarus.org/simon/putty-wishlist.git
On the web: https://git.tartarus.org/?p=simon/putty-wishlist.git
Branch updated: master
Committer: Simon Tatham <anakin at pobox.com>
Date: 2019-03-21 07:16:54
commit eeab3f7f9a6a59f4f2f85ca8ca2efcafe2a1e2b5
web diff https://git.tartarus.org/?p=simon/putty-wishlist.git;a=commitdiff;h=eeab3f7f9a6a59f4f2f85ca8ca2efcafe2a1e2b5;hp=667c440068d189ef4fd23a261357f84be2d4aab7
Author: Simon Tatham <anakin at pobox.com>
Date: Thu Mar 21 07:05:17 2019 +0000
New pseudo-HTML tag <cve>.
I'm about to have to add five CVE numbers to new bug entries, and I'm
sick of finding and pasting that Mitre URL scheme from a previous case
every time I do it. Now I can just write <cve id="CVE-yyyy-xxxx"/> in
the pseudo-HTML bug text.
As a bonus, this will make the generated URL reliably use HTTPS.
control/bugs2html.py | 42 +++++++++++++++++++++---------------------
1 file changed, 21 insertions(+), 21 deletions(-)
commit d1457d11a04965751468e195bd8242dc66688116
web diff https://git.tartarus.org/?p=simon/putty-wishlist.git;a=commitdiff;h=d1457d11a04965751468e195bd8242dc66688116;hp=eeab3f7f9a6a59f4f2f85ca8ca2efcafe2a1e2b5
Author: Simon Tatham <anakin at pobox.com>
Date: Thu Mar 21 07:06:55 2019 +0000
Use the new <cve> tag in all existing cases.
As well as tidying up the HTML, this also updates all the URLs to the
HTTPS version.
data/password-not-wiped | 2 +-
data/private-key-not-wiped | 3 +--
data/private-key-not-wiped-2 | 3 +--
data/pscp-unsanitised-server-output | 7 +++----
data/puttygen-unix-perms | 3 +--
data/vuln-agent-fwd-overflow | 2 +-
data/vuln-bignum-division-by-zero | 3 +--
data/vuln-ech-overflow | 7 +++----
data/vuln-indirect-dll-hijack | 3 +--
data/vuln-modmul | 2 +-
data/vuln-modpow | 2 +-
data/vuln-passwd-memdump | 5 +----
data/vuln-pscp-sink-sscanf | 3 +--
data/vuln-sftp-readdir | 3 +--
data/vuln-sftp-string | 3 +--
data/vuln-signature-stringlen | 3 +--
data/vuln-ssh2-debug | 3 +--
data/vuln-sshredder | 8 ++++----
data/vuln-window-title | 5 +----
19 files changed, 26 insertions(+), 44 deletions(-)
commit bc1221c690fc4f021801ddd851351c6db7b9585f
web diff https://git.tartarus.org/?p=simon/putty-wishlist.git;a=commitdiff;h=bc1221c690fc4f021801ddd851351c6db7b9585f;hp=d1457d11a04965751468e195bd8242dc66688116
Author: Simon Tatham <anakin at pobox.com>
Date: Thu Mar 21 07:13:38 2019 +0000
Add CVE entries for new vulnerabilities.
Thanks to Marcus Meissner for getting Mitre to assign some.
This covers everything fixed in 0.71 apart from vuln-dss-verify (which
presumably doesn't count due to never having been in a release) and
vuln-auth-prompt-spoofing (which perhaps doesn't count because it's a
user interface issue rather than a code bug in the usual sense).
data/vuln-chm-hijack | 1 +
data/vuln-fd-set-overflow | 1 +
data/vuln-rng-reuse | 1 +
data/vuln-rsa-kex-integer-overflow | 1 +
data/vuln-terminal-dos-combining-chars | 6 ++++++
data/vuln-terminal-dos-combining-chars-double-width-gtk | 6 ++++++
data/vuln-terminal-dos-one-column-cjk | 6 ++++++
7 files changed, 22 insertions(+)
More information about the tartarus-commits
mailing list