net-ftp/filezilla bundles net-misc/putty and is therefore affected by
> integer overflow permits memory overwrite by forwarded ssh-agent connections
Please see bug 610552 for more details.
@ Maintainer(s): Can we already start stabilization of =net-ftp/filezilla-3.24.1?
Unfortunately it's not that easy to stabilize any newer filezilla. Recent versions depend on dev-libs/libfilezilla which is not keyworded for all arches our current stable filezilla has KEYWORDS for.
So we have to:
- finish the re-keywording for dev-libs/libfilezilla and recent net-ftp/filezilla (bug #571888)
- do a stabilization request once the re-keywording is done.
Putty CVE CVE-2017-6542 (assigning)
(In reply to Lars Wendler (Polynomial-C) from comment #2)
> Unfortunately it's not that easy to stabilize any newer filezilla.
> Recent versions depend on dev-libs/libfilezilla which is not keyworded for
> all arches our current stable filezilla has KEYWORDS for.
>
> So we have to:
>
> - finish the re-keywording for dev-libs/libfilezilla and recent
> net-ftp/filezilla (bug #571888)
> - do a stabilization request once the re-keywording is done.
Lars, we cannot be held in ransom by 3 non-active arches and jeopardize the security of the distribution. Can you please call stabilization for all arches that have done this already (all but ia64 / ppc / sparc).
As a matter of fact, we talked about stabling a newer filezilla anyways just yesterday. With gnutls and pugixml dependencies done, that leaves only ppc out.
amd/x86, please test and mark stable newer libfilezilla/filezilla mentioned in package list, thanks!
amd64 stable
x86 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
New GLSA request filed.
Old versions cleaned (and bug #571888 notified for late arches)
This issue was resolved and addressed in GLSA 201706-09 at https://security.gentoo.org/glsa/201706-09 by GLSA coordinator Thomas Deutschmann (whissi).