Summary: | <net-misc/putty-0.76: malicious server prompt spoofing (CVE-2021-36367) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | polynomial-c |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | net-misc/putty-0.76 |
Runtime testing required: | --- |
Description
John Helmert III
2021-07-11 02:48:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc1ef8f35eaf642458b997fe736f7a02dc7659c1

commit fc1ef8f35eaf642458b997fe736f7a02dc7659c1
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-07-17 18:23:06 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-07-17 18:25:01 +0000

net-misc/putty: Security bump to version 0.76

Bug: https://bugs.gentoo.org/801517
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

net-misc/putty/Manifest | 1 +
net-misc/putty/putty-0.76.ebuild | 95 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 96 insertions(+)

amd64 stable

sparc stable

x86 stable

ppc done

ppc64 done

all arches done

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c4567e7f8b564ed5da6a6b4da9fb443e4859a49

commit 4c4567e7f8b564ed5da6a6b4da9fb443e4859a49
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-07-26 06:59:12 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-07-26 06:59:32 +0000

net-misc/putty: Security cleanup

Bug: https://bugs.gentoo.org/801517
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

net-misc/putty/Manifest | 1 -
net-misc/putty/putty-0.75.ebuild | 95 ----------------------------------------
2 files changed, 96 deletions(-)

Only exploitable via a malicious server - very low impact as users tend to trust the server they're connecting to. No GLSA. Sorry it took so long to get to this.