Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 920304 - <net-misc/putty-0.80: Terrapin vulnerability
Summary: <net-misc/putty-0.80: Terrapin vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://www.chiark.greenend.org.uk/~s...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 920340
Blocks: CVE-2023-48795
  Show dependency tree
 
Reported: 2023-12-19 07:37 UTC by Hanno Böck
Modified: 2024-07-05 06:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2023-12-19 07:37:56 UTC 
net-misc/putty-0.80 contains the mitigation for the Terrapin vulnerability:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

"Security fix: support for OpenSSH's new kex-strict protocol modification, addressing a vulnerability in some @openssh.com cipher and MAC modes, in particular ChaCha20+Poly1305. "
Comment 1 Larry the Git Cow gentoo-dev 2023-12-19 19:59:02 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd44ffd68222824e8144fc501cf46eb12a39a311

commit bd44ffd68222824e8144fc501cf46eb12a39a311
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-12-19 19:55:14 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-12-19 19:55:14 +0000

    net-misc/putty: add 0.80
    
    Bug: https://bugs.gentoo.org/920304
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 net-misc/putty/Manifest          |  1 +
 net-misc/putty/putty-0.80.ebuild | 92 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-12-20 09:26:28 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06e89ec5df3cb63155accce598f844a702bc1644

commit 06e89ec5df3cb63155accce598f844a702bc1644
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-12-20 09:26:05 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-12-20 09:26:05 +0000

    net-misc/putty: drop 0.78 (security cleanup)
    
    Bug: https://bugs.gentoo.org/920304
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 net-misc/putty/Manifest          |  1 -
 net-misc/putty/putty-0.78.ebuild | 91 ----------------------------------------
 2 files changed, 92 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-07-05 06:44:03 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ef4ede3580e51230138e8a4e2751362012d1cbe6

commit ef4ede3580e51230138e8a4e2751362012d1cbe6
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-05 06:43:24 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-05 06:43:58 +0000

    [ GLSA 202407-11 ] PuTTY: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/920304
    Bug: https://bugs.gentoo.org/930082
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-11.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)