Package: ssh Severity: important Tags: security patch Hi! http://bugzilla.mindrot.org/show_bug.cgi?id=1094 describes a flaw in scp: it expands shell characters and escapes twice which could lead to unwanted shell code execution. It affects cases where scp is used to transfer untrusted directories, but this could happen in automated systems, cron jobs, etc. The reporter provided a patch, but it has not yet been acknowledged by upstream. Please mention the CVE number in the changelog when you fix this. Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
Attachment:
signature.asc
Description: Digital signature