Use of PuTTY / pageant, CVE-2024-3149
9 views
Skip to first unread message
Henkel, Dirk
Apr 17, 2024, 5:15:50 PMApr 17
to thg...@googlegroups.com
Dear TortoiseHg devs,
reading about the PuTTY vulnerability CVE-2024-3149, I found the version
control frontends TortoiseGit and TortoiseSVN in the list of affected
programs, but not (yet) TortoiseHg, although TortoiseHg also includes
the PuTTY tool "pageant".
So should TortoiseHg also be included in the list of the
PuTTY-downstream projects affected by CVE-2024-3149?
Or is the use of the "pageant" tool in TortoiseHg so different from that
in f.i. TortoiseGit that TortoiseHg is not affected by CVE-2024-3149?
Best regards,
Dirk Henkel
reading about the PuTTY vulnerability CVE-2024-3149, I found the version
control frontends TortoiseGit and TortoiseSVN in the list of affected
programs, but not (yet) TortoiseHg, although TortoiseHg also includes
the PuTTY tool "pageant".
So should TortoiseHg also be included in the list of the
PuTTY-downstream projects affected by CVE-2024-3149?
Or is the use of the "pageant" tool in TortoiseHg so different from that
in f.i. TortoiseGit that TortoiseHg is not affected by CVE-2024-3149?
Best regards,
Dirk Henkel
Matt Harbison
Apr 18, 2024, 12:09:28 AMApr 18
to TortoiseHg Developers
It looks like TortoiseHg bundled plink from TortoiseGit and Pagent awhile ago[1]. No idea if these versions are affected, but we should probably update just because it's been awhile.
Reply all
Reply to author
Forward
0 new messages