-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 22 Nov 2012 12:01:41 -0800
Source: rssh
Binary: rssh
Architecture: source i386
Version: 2.3.3-6
Distribution: unstable
Urgency: high
Maintainer: Russ Allbery <rra@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 rssh - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
Changes:
 rssh (2.3.3-6) unstable; urgency=high
 .
   * Fix several flaws in validation of rsync options. Ensure --server
     cannot be hidden from the server by putting it after -- or as the
     argument to another option. Verify that the -e option's value
     matches expectations rather than trying to look for invalid -e
     option values. (CVE-2012-2251)
   * Reject the rsync --rsh option even if it does not contain a
     trailing equal sign. (CVE-2012-2252)
Checksums-Sha1:
 5a1d16b097c94740199b5ad65572ed7b23f90856 1448 rssh_2.3.3-6.dsc
 7c7c200633bed290dd93fc9b5460ce972026d916 31331 rssh_2.3.3-6.debian.tar.gz
 c1779137a36160f26f518eb2c0b180fe45e4f789 64768 rssh_2.3.3-6_i386.deb
Checksums-Sha256:
 d5f9d9572e7bdbf03ef05bc9cf774d77e5f87ec794475afd532ba222981b48fd 1448 rssh_2.3.3-6.dsc
 647bc002b470e19bb740e69dfb1ab04dae3c56c14248688e215b30df4bb6896d 31331 rssh_2.3.3-6.debian.tar.gz
 e8092a6be18697bf8050aee1229992f455e8af42a7e756aa48897153b1fd1a9f 64768 rssh_2.3.3-6_i386.deb
Files:
 f4ce6f370740ec4c587d98533cc54e56 1448 net optional rssh_2.3.3-6.dsc
 16023955f8f6c46a9c76bcb499eff6af 31331 net optional rssh_2.3.3-6.debian.tar.gz
 8988af5948e4820f6fe5c089b36795f6 64768 net optional rssh_2.3.3-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----