Simon Tatham reports:
[Release 0.74] fixes the following security issues:
- New configuration option to disable PuTTY's default policy of
changing its host key algorithm preferences to prefer keys it
already knows. (There is a theoretical information leak in this
policy.) [CVE-2020-14002]
- In some situations an SSH server could cause PuTTY to access freed
mdmory by pretending to accept an SSH key and then refusing the
actual signature. It can only happen if you're using an SSH agent.