Vulnerability CVE-2024-31497 fixed in 1.14.7?

Jens Larsen

Apr 17, 2024, 5:09:21 AM
to TortoiseSVN
Details on vulnerability can be found here:

https://nvd.nist.gov/vuln/detail/CVE-2024-31497

The description mentions specifically: "This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6."

The release notes for 1.14.7 do not mention this vulnerability. Was that an oversight or has the vulnerability yet to be fixed?

Best regards, 
Jens Larsen

Daniel Sahlberg

Apr 17, 2024, 5:16:09 AM
to TortoiseSVN
This was fixed by updating PuTTY/plink to version 0.81.


Can you mention which release notes you are looking at?

I think the "What's New in TortoiseSVN 1.14" page is seldom updated for patch-releases.

The homepage news item "TortoiseSVN 1.14.7 released" does mention the security fix.

The ChangeLog.txt doesn't mention the updated PuTTY Plink, but it frequently omits this completely.

Kind regards,
Daniel

Jens Larsen

Apr 17, 2024, 5:37:41 AM
to TortoiseSVN
I was checking the release notes found here:


The page states that "The current version is 1.14.7" and below it is a link to release notes that do not mention the security fix.

Thanks for confirming the fix!

Best regards,
Jens
