Bug 920421

Summary:	<net-ftp/filezilla-3.66.4: Terrapin vulnerability
Product:	Gentoo Security	Reporter:	Torsten Kaiser <Storklerk>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	normal	CC:	dlan, voyageur
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa?]
Package list:		Runtime testing required:	---
Bug Depends on:	920449
Bug Blocks:	920280

Description Torsten Kaiser 2023-12-20 19:13:27 UTC

Filezilla is also affected by this vulnerability, a new version has been released:

https://filezilla-project.org/
News
    2023-12-20 - FileZilla Client 3.66.4 released
    Fixed vulnerabilities:
        SFTP: Address Terrapin protocol vulerability

Comment 1 Sam James archtester

2023-12-21 07:09:35 UTC

We only put fixed versions-in-tree in the summary to make it easier to spot unfixed stuff. Also, CCing maintainers. Thanks for the report!

Comment 2 Bernard Cafarelli gentoo-dev

2023-12-21 08:06:15 UTC

I just pushed 3.66.4 in tree, stable request in progress (it should be minor changes over current stable 3.66.1)

Comment 3 Sam James archtester

2023-12-21 10:44:22 UTC

Thank you!

Comment 4 Larry the Git Cow gentoo-dev

2023-12-22 08:38:26 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da726c98190866d3fa8ccfa9d585c84731169be4

commit da726c98190866d3fa8ccfa9d585c84731169be4
Author:     Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2023-12-22 08:38:17 +0000
Commit:     Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2023-12-22 08:38:17 +0000

    net-ftp/filezilla: drop 3.66.1
    
    Bug: https://bugs.gentoo.org/920421
    Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

 net-ftp/filezilla/Manifest                |  1 -
 net-ftp/filezilla/filezilla-3.66.1.ebuild | 75 -------------------------------
 2 files changed, 76 deletions(-)