<snip> 2005-02-20 SECURITY HOLE, fixed in PuTTY 0.57 PuTTY 0.57, released today, fixes two security holes which can allow a malicious SFTP server to execute code of its choice on a PSCP or PSFTP client connecting to it. We recommend everybody upgrade to 0.57 as soon as possible. </snip> I would test, but I'm not on gentoo atm, just looking through some things and noticed this, so I figured it would be beneficial to mention here. Latest in portage is 0.56. Reproducible: Always Steps to Reproduce: 1. 2. 3.
taviso, please bump to 0.57.
done.
GLSA 200502-28
i lately marked it stable on amd64. at least amd64@g.o was never added to cc according to my mails. now keywords are KEYWORDS="x86 alpha ~ppc ~sparc amd64" i saw the glsa, but shouldn't all arches be stable before this is announced?
No arches were called on this because the maintainer retained the KEYWORDS from the previous version (which was "x86 alpha ~ppc ~sparc ~amd64").
