Format: 1.8
Date: Thu, 31 Jan 2019 08:35:48 -0500
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: amd64 amd64_translations all
Version: 1:7.7p1-4ubuntu0.2
Distribution: cosmic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Changes:
 openssh (1:7.7p1-4ubuntu0.2) cosmic-security; urgency=medium
 .
   * SECURITY UPDATE: access restrictions bypass in scp
     - debian/patches/CVE-2018-20685.patch: disallow empty filenames or ones
       that refer to the current directory in scp.c.
     - CVE-2018-20685
   * SECURITY UPDATE: scp client spoofing via object name
     - debian/patches/CVE-2019-6109.patch: make sure the filenames match
       the wildcard specified by the user, and add new flag to relax the
       new restrictions in scp.c, scp.1.
     - CVE-2019-6109
   * SECURITY UPDATE: scp client missing received object name validation
     - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
       snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c,
       sftp-client.c.
     - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
       progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
     - CVE-2019-6111
Original-Maintainer: Debian OpenSSH Maintainers