Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 82753 - net-misc/putty: sftp vulnerability
Summary: net-misc/putty: sftp vulnerability
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa] lewk
Depends on:
Reported: 2005-02-20 19:15 UTC by Jeff Davidson
Modified: 2005-02-22 11:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jeff Davidson 2005-02-20 19:15:46 UTC
2005-02-20 SECURITY HOLE, fixed in PuTTY 0.57

PuTTY 0.57, released today, fixes two security holes which can allow a malicious SFTP server to execute code of its choice on a PSCP or PSFTP client connecting to it. We recommend everybody upgrade to 0.57 as soon as possible. 

I would test, but I'm not on gentoo atm, just looking through some things and noticed this, so I figured it would be beneficial to mention here.  Latest in portage is 0.56.

Reproducible: Always
Steps to Reproduce:
Comment 1 Luke Macken (RETIRED) gentoo-dev 2005-02-20 19:39:37 UTC
taviso, please bump to 0.57.
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2005-02-21 00:43:56 UTC
Comment 3 Luke Macken (RETIRED) gentoo-dev 2005-02-21 13:01:57 UTC
GLSA 200502-28
Comment 4 Simon Stelling (RETIRED) gentoo-dev 2005-02-22 11:18:18 UTC
i lately marked it stable on amd64. at least amd64@g.o was never added to cc according to my mails. now keywords are KEYWORDS="x86 alpha ~ppc ~sparc amd64"

i saw the glsa, but shouldn't all arches be stable before this is announced?
Comment 5 Luke Macken (RETIRED) gentoo-dev 2005-02-22 11:30:28 UTC
No arches were called on this because the maintainer retained the KEYWORDS from the previous version (which was "x86 alpha ~ppc ~sparc ~amd64").