Univention Bugzilla – Bug 48949
openssh: Multiple issues (4.3)
Last modified: 2019-03-13 14:22:15 CET
New Debian openssh 1:7.4p1-10+deb9u6 fixes:

This update addresses the following issue:
* Improper validation of object names allows malicious server to overwrite files via scp client (CVE-2019-6111)
--- mirror/ftp/4.3/unmaintained/component/4.3-3-errata/source/openssh_7.4p1-10+deb9u5.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/openssh_7.4p1-10+deb9u6.dsc @@ -1,3 +1,10 @@ +1:7.4p1-10+deb9u6 [Fri, 01 Mar 2019 17:19:28 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Apply upstream patch to make scp handle shell-style brace expansions + when checking that filenames sent by the server match what the client + requested (closes: #923486). + 1:7.4p1-10+deb9u5 [Fri, 08 Feb 2019 15:25:55 +0100] Yves-Alexis Perez <corsac@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.3-3/#2863728807039175078>
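Review bot: the added 1:7.4p1-10+deb9u6 entry cites only Debian bug #923486 and names no CVE, so the CVE-2019-6111 attribution in the erratum text cannot be traced from the changelog alone. The entry describes a change to the existing client-side check ("checking that filenames sent by the server match what the client requested") so that it handles shell-style brace expansions. The erratum description should say that this update adjusts that filename check, and the release test should include an scp download that uses a brace pattern.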
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 54c7fb9a32 Bug #48949: openssh 1:7.4p1-10+deb9u6
 doc/errata/staging/openssh.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/454.html>