Florian Weimer discovered the following vulnerability:
scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking scp, as implemented
by OpenSSH, with the -F and -o options.
This issue is currently under embargo, no release date set.
Seems like a B2 to me (arbitrary command execution).
Created attachment 141623 [details, diff]
Part of the Debian diff.gz
Matsuu, please update the ebuild. I assume the patch attached above is the fix for this vulnerability, but if you can have a look again, please do.
Comment on attachment 141623 [details, diff]
The above patch is not enough, see
Good thing to know, the patch is already in our stable 4.8.
GLSA request filed.
Lets do a GLSA with #201726. Commented on the GLSA request.
GLSA 200802-06, sorry for the delay.