Package: filezilla
Severity: grave
Tags: security patch upstream

Hi,

the following vulnerability was published for putty, but filezilla embeds putty source:

CVE-2013-4852[0]:
PuTTY SSH handshake heap overflow

See the advisory [1] for details referring to putty commit [2]. AFAICS, filezilla embeds putty in a vulnerable version, which is used in the build for fzsftp. See [3] for the corresponding bug report for putty itself.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4852
[1] http://www.search-lab.hu/advisories/secadv-20130722
[2] http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
[3] http://bugs.debian.org/718779

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore