openssh_7.4p1-10+deb9u5_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

To: Yves-Alexis Perez <corsac@debian.org>, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Subject: openssh_7.4p1-10+deb9u5_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 09 Feb 2019 21:47:35 +0000
Message-id: <[🔎] E1gsaTH-0003Ob-FS@fasolo.debian.org>


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 Feb 2019 15:25:55 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.4p1-10+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 793412 919101
Changes:
 openssh (1:7.4p1-10+deb9u5) stretch; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2018-20685: disallow empty filenames or ones that refer to the current
     directory (Closes: #919101)
   * CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412)
   * CVE-2019-6111: check in scp client that filenames sent during
     remote->local directory copies satisfy the wildcards specified by the user
Checksums-Sha1:
 2d038f4859239b51adbee98682205f463261b664 2579 openssh_7.4p1-10+deb9u5.dsc
 72bea04dd41ffc65144ab64ac403736a22f39c2a 168672 openssh_7.4p1-10+deb9u5.debian.tar.xz
Checksums-Sha256:
 ee597af8d79c7d06c861d6b93c0a0815043bb3af38610a1fccc75586025cdf26 2579 openssh_7.4p1-10+deb9u5.dsc
 9f7c9e08e1a3b4dfe974a700be18919c2f03e6e22d1284999c101147d2f636f7 168672 openssh_7.4p1-10+deb9u5.debian.tar.xz
Files:
 17d02f62aa25e2294dfd4c66ac32a57b 2579 net standard openssh_7.4p1-10+deb9u5.dsc
 7cc33cd435d3811e856ba631724620da 168672 net standard openssh_7.4p1-10+deb9u5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxeupoACgkQ3rYcyPpX
RFtqTQgA5zlaJqHdhZx9zHnYHT+oKswV+A06XwgFieQXMeqNlSaPidSv0m+vzYAD
UP3cBeC6Sse8beVtdkngCr+SzHWtAePxgL1pmS/9fY9B0Jl9iJQ6X8D3wYnAZhFa
Gde7vHkeUMg8ToVPnxQ+hsCkwQ85mqj60r489udBePcbXFQhziiUZzYxUcq3/t8O
hc4134tfl2BhCWwMrI/gvFd/daqrWm6S0drL/CnUS3LJ+5DvQJq68nS+K2Nq3Q3h
REddZ8XZSQIokw0TswFELsCWGI+RflxxQmvzRs+NUugLjGLSosV4fXroh5QjMTZs
C02dEH/xsY+1MWGuBn9v5cIUw8hGJw==
=lF3o
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

Reply to:

Prev by Date: Bug#919101: marked as done (openssh: CVE-2018-20685: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions)
Next by Date: Bug#922205: openssh-client: scp regression: CVE-2019-6111 fix breaks syntax to overwrite target directory permissions
Previous by thread: Bug#919101: marked as done (openssh: CVE-2018-20685: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions)
Next by thread: Bug#922205: openssh-client: scp regression: CVE-2019-6111 fix breaks syntax to overwrite target directory permissions
Index(es):
- Date
- Thread