Format: 1.8 Date: Thu, 31 Jan 2019 08:35:48 -0500 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: arm64 arm64_translations Version: 1:7.7p1-4ubuntu0.2 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Changes: openssh (1:7.7p1-4ubuntu0.2) cosmic-security; urgency=medium . * SECURITY UPDATE: access restrictions bypass in scp - debian/patches/CVE-2018-20685.patch: disallow empty filenames or ones that refer to the current directory in scp.c. - CVE-2018-20685 * SECURITY UPDATE: scp client spoofing via object name - debian/patches/CVE-2019-6109.patch: make sure the filenames match the wildcard specified by the user, and add new flag to relax the new restrictions in scp.c, scp.1. - CVE-2019-6109 * SECURITY UPDATE: scp client missing received object name validation - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - CVE-2019-6111 Checksums-Sha1: a020a751a976111d9e726d2e5145cd6aadbd587e 3473708 openssh-client-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb a2034f66a3e337d336d2dd53282cf0625db3d9de 263032 openssh-client-udeb_7.7p1-4ubuntu0.2_arm64.udeb f1c0f9c246d94f7f3d8165c75168074d9b79498f 579804 openssh-client_7.7p1-4ubuntu0.2_arm64.deb 0a343210b45b8d79fcc9220d5a15a7790dc272d0 1036160 openssh-server-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb 8f3fc47175dfb080ad8c48292044373940e657d9 268508 openssh-server-udeb_7.7p1-4ubuntu0.2_arm64.udeb 1cc42daffcac99a41ecef05ac14fb47e5e6305d4 315356 openssh-server_7.7p1-4ubuntu0.2_arm64.deb f863f8f6cf19c2b9ac7d934eb8ac13cbdd541e93 140116 openssh-sftp-server-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb c9ef3000a55816369d29dd7cf13139d544512afa 43424 openssh-sftp-server_7.7p1-4ubuntu0.2_arm64.deb f8af9253468411bbd3f83c20cf61b73c35a363c9 17304 openssh_7.7p1-4ubuntu0.2_arm64.buildinfo dafc813592d04bd2a727c052cd210570a0114966 8509 openssh_7.7p1-4ubuntu0.2_arm64_translations.tar.gz 2e5aa16b884347c31200ae68d9a5bd6114575f2d 12628 ssh-askpass-gnome-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb ab37ddc36c6937b1494f12159c83b1c5e035782e 16980 ssh-askpass-gnome_7.7p1-4ubuntu0.2_arm64.deb Checksums-Sha256: 703b7a6127d83543ebb74c33071e1568fb160da07f15d2af09b4ab7e78e16832 3473708 openssh-client-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb 5d457f79ddd033fa8ca315387ade2af707dbe6ba530f99847b07648f93b54dd8 263032 openssh-client-udeb_7.7p1-4ubuntu0.2_arm64.udeb 291dbcde974843361ffa927ce9767f05b7bb9ddf926f5bb4f0a2d99d6884a0c7 579804 openssh-client_7.7p1-4ubuntu0.2_arm64.deb 7396cc024b7c52c4121c6e3c1d938a9c4b8210a87de8ade399a27c2dd252edf9 1036160 openssh-server-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb 451e8130464bccfb3b74686b4b50ee445b31fbaa44ffef03d6625e7cb77b8983 268508 openssh-server-udeb_7.7p1-4ubuntu0.2_arm64.udeb feb85d1755280d927abe4bcb9230512e1a32a40b448d23e9b179c9bf017b3931 315356 openssh-server_7.7p1-4ubuntu0.2_arm64.deb 6e8686d1dd913af2081fd6ca80833e4a9c21e2611b0129c10676ee2571ea7b34 140116 openssh-sftp-server-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb cb032b8aa88c52501a41ad5ce009d20afd481c4fdbc3002e8420f17a1dece00f 43424 openssh-sftp-server_7.7p1-4ubuntu0.2_arm64.deb 13b16a833291cd9cb87920097ef3840f27b362366e584b5d2f45fd217356fcd4 17304 openssh_7.7p1-4ubuntu0.2_arm64.buildinfo b0a01780ce96b48f717b28febb9711dcf372b1581c0725c2fe657970f1924a89 8509 openssh_7.7p1-4ubuntu0.2_arm64_translations.tar.gz 6805398cfac7f1ac2537a367ed0b41896a1d89e408403239189060b2a3424280 12628 ssh-askpass-gnome-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb 4b7f12cdb10c62af22ce06b25e5386aab29993dc46af677a82b8861c5639d750 16980 ssh-askpass-gnome_7.7p1-4ubuntu0.2_arm64.deb Files: f8b92982aab7f513ac58169c56e972a9 3473708 debug optional openssh-client-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb e7f5b4d2c19e0a641af3251db4097146 263032 debian-installer optional openssh-client-udeb_7.7p1-4ubuntu0.2_arm64.udeb 25a74fedbb1bf82d16c9f03878de2297 579804 net standard openssh-client_7.7p1-4ubuntu0.2_arm64.deb f7db6471976ae15a4f0a9052ab6350c5 1036160 debug optional openssh-server-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb ccbbfaa7c6f095cc5b94611cd7fd6bec 268508 debian-installer optional openssh-server-udeb_7.7p1-4ubuntu0.2_arm64.udeb 90df3edd67ffd87943aba062cab29bd5 315356 net optional openssh-server_7.7p1-4ubuntu0.2_arm64.deb 06167fd301d6c19989773d8fd71c6ef8 140116 debug optional openssh-sftp-server-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb fe81ac89696f54e5a5a62d8510a196ac 43424 net optional openssh-sftp-server_7.7p1-4ubuntu0.2_arm64.deb 4f2344ca88d4323c7b0874d600efb6db 17304 net standard openssh_7.7p1-4ubuntu0.2_arm64.buildinfo f1f42f67121da39a1f3a0d6842e042fc 8509 raw-translations - openssh_7.7p1-4ubuntu0.2_arm64_translations.tar.gz c8bfc01c2b46c71ecb3471d608f42413 12628 debug optional ssh-askpass-gnome-dbgsym_7.7p1-4ubuntu0.2_arm64.ddeb 3eedc0e11c98ad1248b2454f261673dc 16980 gnome optional ssh-askpass-gnome_7.7p1-4ubuntu0.2_arm64.deb Original-Maintainer: Debian OpenSSH Maintainers