FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-25 14:24:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
91955195-9ebb-11ee-bc14-a703705db3a6putty -- add protocol extension against 'Terrapin attack'

Simon Tatham reports:

PuTTY version 0.80 [contains] one security fix [...] for a newly discovered security issue known as the 'Terrapin' attack, also numbered CVE-2023-48795. The issue affects widely-used OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305 cipher system, and 'encrypt-then-MAC' mode.

In order to benefit from the fix, you must be using a fixed version of PuTTY _and_ a server with the fix, so that they can agree to adopt a modified version of the protocol. [...]


Discovery 2023-10-16
Entry 2023-12-19
putty
< 0.80

putty-nogtk
< 0.80

CVE-2023-48795
https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html
https://www.openssh.com/txt/release-9.6
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://terrapin-attack.com/