putty -- pscp/psftp heap corruption vulnerabilities

Simon Tatham reports:

This version fixes a security hole in previous versions
of PuTTY, which can allow a malicious SFTP server to
attack your client. If you use either PSCP or PSFTP, you
should upgrade. Users of the main PuTTY program are not
affected. (However, note that the server must have passed
host key verification before this attack can be launched,
so a man-in-the-middle shouldn’t be able to attack you if
you’re careful.)