Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 920304

Summary: <net-misc/putty-0.80: Terrapin vulnerability
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: matthew
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 920340    
Bug Blocks: 920280    

Description Hanno Böck gentoo-dev 2023-12-19 07:37:56 UTC
net-misc/putty-0.80 contains the mitigation for the Terrapin vulnerability:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

"Security fix: support for OpenSSH's new kex-strict protocol modification, addressing a vulnerability in some @openssh.com cipher and MAC modes, in particular ChaCha20+Poly1305. "
Comment 1 Larry the Git Cow gentoo-dev 2023-12-19 19:59:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd44ffd68222824e8144fc501cf46eb12a39a311

commit bd44ffd68222824e8144fc501cf46eb12a39a311
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-12-19 19:55:14 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-12-19 19:55:14 +0000

    net-misc/putty: add 0.80
    
    Bug: https://bugs.gentoo.org/920304
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 net-misc/putty/Manifest          |  1 +
 net-misc/putty/putty-0.80.ebuild | 92 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-12-20 09:26:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06e89ec5df3cb63155accce598f844a702bc1644

commit 06e89ec5df3cb63155accce598f844a702bc1644
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-12-20 09:26:05 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-12-20 09:26:05 +0000

    net-misc/putty: drop 0.78 (security cleanup)
    
    Bug: https://bugs.gentoo.org/920304
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 net-misc/putty/Manifest          |  1 -
 net-misc/putty/putty-0.78.ebuild | 91 ----------------------------------------
 2 files changed, 92 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-07-05 06:44:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ef4ede3580e51230138e8a4e2751362012d1cbe6

commit ef4ede3580e51230138e8a4e2751362012d1cbe6
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-05 06:43:24 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-05 06:43:58 +0000

    [ GLSA 202407-11 ] PuTTY: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/920304
    Bug: https://bugs.gentoo.org/930082
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-11.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)