First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 59383
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 59383 depends on: Show dependency tree
Bug 59383 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-08-04 04:53 0000 
PuTTY 0.55, released today, fixes a serious security hole which may allow a
server to execute code of its choice on a PuTTY client connecting to it. In
SSH2, the attack can be performed before host key verification, meaning that
even if you trust the server you think you are connecting to, a different
machine could be impersonating it and could launch the attack before you could
tell the difference. We recommend everybody upgrade to 0.55 as soon as
possible.

------- Comment #1 From Thierry Carrez (RETIRED) 2004-08-04 08:08:59 0000 ------- 
Travis : please bump putty to version 0.55

------- Comment #2 From Tavis Ormandy (RETIRED) 2004-08-04 09:20:15 0000 ------- 
bumped as requested, old ebuilds removed.

------- Comment #3 From Thierry Carrez (RETIRED) 2004-08-04 10:20:10 0000 ------- 
Ready for a GLSA

------- Comment #4 From Sune Kloppenborg Jeppesen 2004-08-05 02:03:45 0000 ------- 
GLSA drafted : security please review.

------- Comment #5 From Sune Kloppenborg Jeppesen 2004-08-05 05:12:56 0000 ------- 
GLSA-200408-04
First Last Prev Next    No search results available      Search page      Enter new bug