-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 28 Jan 2019 21:03:59 -0800 Source: rssh Architecture: source Version: 2.3.4-9 Distribution: unstable Urgency: high Maintainer: Russ Allbery <rra@debian.org> Changed-By: Russ Allbery <rra@debian.org> Closes: 919623 Changes: rssh (2.3.4-9) unstable; urgency=high . [ Russ Allbery ] * Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (Closes: #919623, CVE-2019-1000018) * Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp. * Add validation of the server command line after chroot when chroot is enabled. Prior to this change, dangerous argument filtering was not done when chroot was configured, allowing remote code execution inside the chroot in some configurations via the previous two bugs and via the mechanisms in CVE-2012-2251 and CVE-2012-2252. * Document that the cvs server-side dangerous option filtering is probably insufficient and should not be considered secure. * Remove ancient upgrade support in debian/postinst. * Remove debian/source/options, which was forcing compression to xz (now the default). * Update to debhelper compatibility level V12. * Update standards version to 4.3.0 (no changes required). . [ Ondřej Nový ] * d/watch: Use https protocol Checksums-Sha1: 42eccc8a40da4bccb24eb1cae17e5f60b95cae52 1548 rssh_2.3.4-9.dsc ef0b4a667e16c3f09209dd6c049e5bed6e4f119a 29704 rssh_2.3.4-9.debian.tar.xz Checksums-Sha256: 59a60a8c4c703752afd349e56a5acf848f4e6a8ba9a7de14b25b8522a716711e 1548 rssh_2.3.4-9.dsc aae025b0d9b2d335ad140ecb872b97ec162cd26aae81aaf979d97478db9a4a24 29704 rssh_2.3.4-9.debian.tar.xz Files: c7e597dcb58a210e377ce83771cce0d9 1548 net optional rssh_2.3.4-9.dsc 11e4877e55f793e5b2efeb24ed9c5d49 29704 net optional rssh_2.3.4-9.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAlxP39EACgkQfYAxXFc2 3nV7vAf6ApcxS1NqfqqxzZklCcNbvmhAzZ0+8tMNvTQ5zRMUqoFg8wbpumrzy5ji iET3HqYZk9WSq0UDiM90sMDFivW1GsPVms8B4G/bRlXuXJTACiWPrJIdesadb8w5 6czJp/LjSLP0iROa+9NzTngujaZwZE8NL8sNE7T+YhZnVI+C0/U7KLHJ11Ir/Mel s8a4GQoD/8Rl9/bpHTxevtgKiQFkPttEI8CRYsIWLfGppPG7Y1hz3WcNN2Np5Fo/ 8ofAvtapGTD0GtoYX8COYogLpkEwWcI8L25SC0Q/NZmeiCIx1w1EOFXjr1CxUCN9 Bm0bO3P3iI+w4TnOHlYKG4rKjWQ1UQ== =GBQT -----END PGP SIGNATURE-----
