[TSVN] Security Vulnerability in Putty affecting TortoiseSVN

From: Francis Irving <francis_at_flourish.org>
Date: 2004-08-07 07:49:05 CEST

(Sorry if this has been mentioned on the list already, but I couldn't
see it in the archive, and thought it important enough to post anyway)

Putty has a serious security hole, which I think TortoiseSVN (in
SVN+SSH mode, TortoisePlink) suffers from. The hole lets people gain
control of the client machine. Details here:

http://seclists.org/lists/bugtraq/2004/Aug/0049.html

There is a new version of Putty, 0.55, which has this fixed. See
the latest news on the Putty page:
http://www.chiark.greenend.org.uk/~sgtatham/putty/

If you haven't made one already, this probably warrants a security
release of TortoiseSVN for people using it in SVN+SSH mode.

I've told the TortoiseCVS people about this, and they have a new
stable release coming out in the next few days which they're going to
include a fix in. So you might be able to grab TortoisePlink from
them (not sure how it's been forked / not forked).

Francis

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Sat Aug 7 13:01:08 2004

This message: [ Message body ]
Next message: SteveKing: "Re: [TSVN] Security Vulnerability in Putty affecting TortoiseSVN"
Previous message: Jens Scheidtmann: "[TSVN] Re: Branch and Tag"
Next in thread: SteveKing: "Re: [TSVN] Security Vulnerability in Putty affecting TortoiseSVN"
Reply: SteveKing: "Re: [TSVN] Security Vulnerability in Putty affecting TortoiseSVN"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]