From here: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html "Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator." 0.66 is out and fixes this issue. Another sec issue was found but only in unreleased code: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ecdsa-newkey.html (may be relevant for users of the -9999 ebuild, not sure)
Arch teams, please test and mark stable: =net-misc/putty-0.66 Targeted stable KEYWORDS: alpha amd64 hppa ppc ppc64 sparc x86
Stable for PPC64.
Stable for HPPA.
amd64 stable
x86 stable
ppc stable
sparc stable
alpha stable. Maintainer(s), please cleanup.
Cleanup was completed. Added to existing GLSA.
This issue was resolved and addressed in GLSA 201606-01 at https://security.gentoo.org/glsa/201606-01 by GLSA coordinator Yury German (BlueKnight)