Hm, yes. That doesn't look like Core's advisory; that's just a translation into advisory format of the information on the PuTTY website. Though I suppose that's still useful, just for the benefit of people who watch advisory channels and expect to thereby be informed about what they need to upgrade.
The draft advisory Core sent me contained actual information about the precise problem (although it was somewhat incoherent - I'm vaguely hoping they'll let me send them additional text to help it make more sense), and that doesn't seem to have been published yet.
Well, Secunia do say that they are a clearing house for security adversies from all over the place so its not really surprising that they probably took the advisory from the PuTTY home page.
As for the Core advisory being a little incoherent, I'm not surprised given their track record on writing stuff which I've seen on FD and other places!
The Core advisory is now up (CORE-2004-0705), in case you're interested. Also I've published my own writeups of the two issues: vuln-modpow and vuln-ssh1-kex. I've mailed those links to both Core and Secunia, so with any luck they can issue revised versions of their advisories that actually say something useful.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
The draft advisory Core sent me contained actual information about the precise problem (although it was somewhat incoherent - I'm vaguely hoping they'll let me send them additional text to help it make more sense), and that doesn't seem to have been published yet.
As for the Core advisory being a little incoherent, I'm not surprised given their track record on writing stuff which I've seen on FD and other places!