Summary: | <net-misc/openssh-7.9_p1-r2: improper check in scp.c:sink() allows malicious servers to bypass access restrictions in scp client (CVE-2018-20685) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, luke, robbat2 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
net-misc/openssh-7.9_p1-r2
|
Runtime testing required: | --- |
Bug Depends on: | 675522 | ||
Bug Blocks: | 728412 |
Description
GLSAMaker/CVETool Bot
2019-01-15 17:48:45 UTC
Since R2 is gone from the tree and R4 is going through stabilization under 675522, making this bug dependent. This issue was resolved and addressed in GLSA 201903-16 at https://security.gentoo.org/glsa/201903-16 by GLSA coordinator Aaron Bauman (b-man). |