Debian Package Tracker

From: Russ Allbery <rra@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted rssh 2.3.4-4+deb8u3 (source amd64) into oldstable
Date: Tue, 19 Feb 2019 08:20:13 +0000
Signed by: Chris Lamb <chris@chris-lamb.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 19:50:49 -0800
Source: rssh
Binary: rssh
Architecture: source amd64
Version: 2.3.4-4+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Russ Allbery <rra@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 rssh       - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
Closes: 921655
Changes:
 rssh (2.3.4-4+deb8u3) jessie-security; urgency=high
 .
   * The fix for the scp security vulnerability in 2.3.4-4+deb8u2
     introduced a regression that blocked scp of multiple files from a
     server using rssh.  Based on further analysis of scp's command-line
     parsing, relax the check to require the server command contain -f or
     -t, plus the -pf and -pt variants sent by libssh2, which should
     deactivate scp's support for remote files.  (Closes: #921655)
     (LP: #1815935)
Checksums-Sha1:
 6ae3357ebef52a33192955a4f6c038500177bdb4 1835 rssh_2.3.4-4+deb8u3.dsc
 e13ae1fdce4b0c89ef70f4695689139c8409e2e8 113315 rssh_2.3.4.orig.tar.gz
 e9304f5cac7a90abd6981d3e5e1d388e7536d8e5 29376 rssh_2.3.4-4+deb8u3.debian.tar.xz
 90bb430c68976e3d4c4ab9429de1eafccd60884f 55892 rssh_2.3.4-4+deb8u3_amd64.deb
Checksums-Sha256:
 24728b4da231510b1c7a08ecf0adc8d8f58a7e9325be7213cc4aff46f2d452b2 1835 rssh_2.3.4-4+deb8u3.dsc
 f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9 113315 rssh_2.3.4.orig.tar.gz
 f1c693fa2212ddcf7edab0aa2ba438904d144e4ebaacce462f88f4ef791454b5 29376 rssh_2.3.4-4+deb8u3.debian.tar.xz
 69ed4f2d18dbbe14c31b32da01d13d06fe196586acd9bf979ef1b046b39d1847 55892 rssh_2.3.4-4+deb8u3_amd64.deb
Files:
 0de99d89319caaef1d31af919350474c 1835 net optional rssh_2.3.4-4+deb8u3.dsc
 5211f5fe206704f813a3cec61f487042 113315 net optional rssh_2.3.4.orig.tar.gz
 faefc3ea5c6451560bb60563e67e51c9 29376 net optional rssh_2.3.4-4+deb8u3.debian.tar.xz
 7a1fbe476e26628cebbb0e752ff3d8e4 55892 net optional rssh_2.3.4-4+deb8u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxruhsACgkQHpU+J9Qx
Hli4NA/6Aq3/yZK+PMZ6naAA5UJHipk6uPkXk+82DtuioRPu9HSUBSniq6hbcqQT
SeiaOxny5brmS2s8mlurHKuu8ZFeRsOe9zTx/QPgMva7hk9d80ouJkjIZxCizEBH
bsTomHDXhl1S0Wy96RcV+7CK80qzBp1W0jwC0mrKn+D8IntolhUNkjw2GcdP7fbL
Ej9oEM9L44t2nqxHsJWx2SxPYBabI+oPtsU4AcydzxxnbtmN/wNDD/Eo0VgeCKRb
F0di7p5+IW0dz78a8Fnh/1/dLt05B5O4wq6SVFxWPylBCBUQEF+9e18KPqDbcHUY
o0dn6YSlHeVGaFvXtdD0jwKCFDgPOwfEZAZ8AdAMWF7A9eEV1iWju15I5UkLT6/N
eIjpeUKgj8nqaItEdrxAfm+68HUyrIc/nTmrPJ1QGmZRMxpqDPqOM6QNij9TEXmn
3vZx8c4712JTWfuYv1RBJ04s8gi2tCr4jhbkP0CdIUP4sE5Gx/dINQgh3eyotpCq
PMZ1qrzqp2aQqxnlDG5hLVVzmsmFUCic+NjShS/yU4UVevTPOajb1KVsZiNrmF2E
Mg+IRoyHNu0mBJ83bbkjIxZqsbYksx7tLc3/cd699aAMVTk+IfquaZfU6ASh0bws
JvCXuDDOKZcqpr8akigeqzGj5jyuwTlwy1BDbtbQXsajk1+Dvkk=
=Aesz
-----END PGP SIGNATURE-----

News for package rssh