PuTTY 0.64 がリリース

PuTTY 0.63 and earlier versions, after loading a private key from a disk file, mistakenly leak a memory buffer containing a copy of the private key, in the function ssh2_load_userkey. The companion function ssh2_save_userkey (only called by PuTTYgen) can also leak a copy, but only in the case where the file it tried to save to could not be created.
[...]
This issue is distinct from private-key-not-wiped, which was in a different part of the code and was fixed in 0.63.

PuTTY 0.63 and earlier versions implement Diffie-Hellman key exchange without checking that the value sent by the server is within the range [1,p-1]. This range check is required by section 8 of RFC 4253.

Apparently the build initially uploaded to the website as 0.64 was in fact built from the wrong branch and didn't have those fixes in. Sorry again! Teething trouble from last year's migration to git. A new 0.64 is now up in its place. You can identify the wrong build by the fact that the list box in the SSH > Kex config panel includes the option "ECDH key exchange", which is a post-0.64 feature that should not be in the real 0.64. The correct 0.64 should not have that option.