Bug 920421 - <net-ftp/filezilla-3.66.4: Terrapin vulnerability
Summary: <net-ftp/filezilla-3.66.4: Terrapin vulnerability
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 920449
Blocks: CVE-2023-48795
Reported: 2023-12-20 19:13 UTC by Torsten Kaiser
Modified: 2023-12-22 09:27 UTC

See Also:
Package list:
Runtime testing required: ---


Description Torsten Kaiser 2023-12-20 19:13:27 UTC
FileZilla is also affected by this vulnerability; a new version has been released:

https://filezilla-project.org/
News
    2023-12-20 - FileZilla Client 3.66.4 released
    Fixed vulnerabilities:
        SFTP: Address Terrapin protocol vulnerability
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-21 07:09:35 UTC
We only put fixed versions-in-tree in the summary to make it easier to spot unfixed stuff. Also, CCing maintainers. Thanks for the report!
Comment 2 Bernard Cafarelli gentoo-dev 2023-12-21 08:06:15 UTC
I just pushed 3.66.4 in tree, stable request in progress (it should be minor changes over current stable 3.66.1)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-21 10:44:22 UTC
Thank you!
Comment 4 Larry the Git Cow gentoo-dev 2023-12-22 08:38:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da726c98190866d3fa8ccfa9d585c84731169be4

commit da726c98190866d3fa8ccfa9d585c84731169be4
Author:     Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2023-12-22 08:38:17 +0000
Commit:     Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2023-12-22 08:38:17 +0000

    net-ftp/filezilla: drop 3.66.1
    
    Bug: https://bugs.gentoo.org/920421
    Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

 net-ftp/filezilla/Manifest                |  1 -
 net-ftp/filezilla/filezilla-3.66.1.ebuild | 75 -------------------------------
 2 files changed, 76 deletions(-)