PuTTY 0.73 is released

PuTTY version 0.73 is released ------------------------------ All the pre-built binaries, and the source code, are now available from the PuTTY website at https://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a SECURITY UPDATE, fixing minor vulnerabilities affecting port forwarding on Windows; bracketed paste mode in the terminal; and any use of SSH-1. We recommend that anyone using those features should update. Vulnerabilities fixed in this release include: - On Windows, the listening sockets used for local port forwarding were opened in a mode that did not prevent other processes from also listening on the same ports and stealing some of the incoming connections. - In the PuTTY terminal, bracketed paste mode was broken in 0.72, in a way that made the pasted data look like manual keyboard input. So any application relying on the bracketing sequences to protect against malicious clipboard contents would have been misled. - An SSH-1 server could trigger an access to freed memory by sending the SSH1_MSG_DISCONNECT message. Not known to be exploitable. Other bug fixes include: - Windows Plink no longer crashes on startup when it tries to tell you it's reusing an existing SSH connection. - Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised. - If you display the coloured error messages from gcc in the PuTTY terminal, there is no longer a missing character if a colour change happens exactly at the end of a line. - If you use the 'Clear Scrollback' menu option or escape sequence while text in the scrollback is selected, it no longer causes an assertion failure. Enjoy using PuTTY! Cheers, Simon -- import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1( m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r and m)(0xb80b5dacabab6145,0xf70027d345023,0x7643bc4018957897,0x11c2e5d9951130c9 ,0xa54d9cbe4e8ab,0x746c50eaa1910, "Simon Tatham <anakin at pobox.com>" ))