Summary: | <net-misc/putty-0.67 buffer overrun in the old-style SCP protocol (CVE-2016-2563) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Frank Krömmelbein <kroemmelbein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jer |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | C2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Frank Krömmelbein
2016-03-05 15:27:15 UTC
Arch teams, please test and mark stable: =net-misc/putty-0.67 Targeted stable KEYWORDS : alpha amd64 hppa ppc ppc64 sparc x86 amd64 stable Stable for HPPA PPC64. x86 stable Stable on alpha. ppc stable sparc stable. Maintainer(s), please cleanup. Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. CVE-2016-2563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2563): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. //** TEMPORARY **// A buffer overrun in Putty in the old-style SCP protocol when receiving the header of each file downloaded from the server is fixed. This issue was resolved and addressed in GLSA 201606-01 at https://security.gentoo.org/glsa/201606-01 by GLSA coordinator Yury German (BlueKnight) |