Bug 696092 (CVE-2019-17068, CVE-2019-17069)

Summary:	<net-misc/putty-0.73: multiple vulnerabilities (CVE-2019-{17068,17069}}
Product:	Gentoo Security	Reporter:	Jeroen Roovers (RETIRED) <jer>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	Flags:	stable-bot: sanity-check+
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [noglsa cve]
Package list:	=net-misc/putty-0.73	Runtime testing required:	---

Description Jeroen Roovers (RETIRED) gentoo-dev

2019-10-03 04:19:40 UTC

https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html says about 0.73:

 * Security fix: in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
(* Bug fix (possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.)

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-06 21:31:53 UTC

x86 stable

Comment 2 Agostino Sarubbo gentoo-dev

2019-10-07 08:46:58 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2019-10-07 09:50:59 UTC

ppc stable

Comment 4 Agostino Sarubbo gentoo-dev

2019-10-07 09:53:44 UTC

ppc64 stable

Comment 5 Matt Turner gentoo-dev

2019-10-14 02:33:46 UTC

alpha keywords dropped to unstable

all arches done

Comment 6 Agostino Sarubbo gentoo-dev

2019-10-14 11:31:59 UTC

sparc stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-26 18:11:16 UTC

GLSA Vote: No!

Repository is clean, all done!