http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

These features are new in beta 0.67 (released 2016-03-05):

- Security fix: a buffer overrun in the old-style SCP protocol when receiving the header of each file downloaded from the server is fixed.
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2563
- Windows PuTTY now sets its process ACL more restrictively, in an attempt to defend against malicious other processes reading sensitive data out of its memory.
- Assorted other robustness fixes for crashes and memory leaks.
- We have started using Authenticode to sign our Windows executables and installer.
Arch teams, please test and mark stable:
=net-misc/putty-0.67
Targeted stable KEYWORDS : alpha amd64 hppa ppc ppc64 sparc x86
amd64 stable
Stable for HPPA PPC64.
x86 stable
Stable on alpha.
ppc stable
sparc stable. Maintainer(s), please cleanup.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
CVE-2016-2563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2563): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. //** TEMPORARY **// A buffer overrun in Putty in the old-style SCP protocol when receiving the header of each file downloaded from the server is fixed.
This issue was resolved and addressed in GLSA 201606-01 at https://security.gentoo.org/glsa/201606-01 by GLSA coordinator Yury German (BlueKnight)