Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 920421

Summary: <net-ftp/filezilla-3.66.4: Terrapin vulnerability
Product: Gentoo Security Reporter: Torsten Kaiser <Storklerk>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: dlan, voyageur
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 920449    
Bug Blocks: 920280    

Description Torsten Kaiser 2023-12-20 19:13:27 UTC
Filezilla is also affected by this vulnerability, a new version has been released:
    2023-12-20 - FileZilla Client 3.66.4 released
    Fixed vulnerabilities:
        SFTP: Address Terrapin protocol vulerability
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-21 07:09:35 UTC
We only put fixed versions-in-tree in the summary to make it easier to spot unfixed stuff. Also, CCing maintainers. Thanks for the report!
Comment 2 Bernard Cafarelli gentoo-dev 2023-12-21 08:06:15 UTC
I just pushed 3.66.4 in tree, stable request in progress (it should be minor changes over current stable 3.66.1)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-21 10:44:22 UTC
Thank you!
Comment 4 Larry the Git Cow gentoo-dev 2023-12-22 08:38:26 UTC
The bug has been referenced in the following commit(s):

commit da726c98190866d3fa8ccfa9d585c84731169be4
Author:     Bernard Cafarelli <>
AuthorDate: 2023-12-22 08:38:17 +0000
Commit:     Bernard Cafarelli <>
CommitDate: 2023-12-22 08:38:17 +0000

    net-ftp/filezilla: drop 3.66.1
    Signed-off-by: Bernard Cafarelli <>

 net-ftp/filezilla/Manifest                |  1 -
 net-ftp/filezilla/filezilla-3.66.1.ebuild | 75 -------------------------------
 2 files changed, 76 deletions(-)