In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass
intended access restrictions via the filename of . or an empty filename.
Since R2 is gone from the tree and R4 is going through stabilization under 675522, making this bug dependent.
This issue was resolved and addressed in
GLSA 201903-16 at https://security.gentoo.org/glsa/201903-16
by GLSA coordinator Aaron Bauman (b-man).