Hi Markus,
On Mi 20 Mär 2019 13:36:01 CET, Markus Koschany wrote:
Hi Mike,
On Fri, 08 Mar 2019 22:40:52 + Mike Gabriel
wrote:
[...]
The critical patch is CVE-2019-6111-2.patch. With that patch added I
get segfaults with scp. Without that patch scp works, but is
susceptible to the
Hi Mike,
On Fri, 08 Mar 2019 22:40:52 + Mike Gabriel
wrote:
[...]
> The critical patch is CVE-2019-6111-2.patch. With that patch added I
> get segfaults with scp. Without that patch scp works, but is
> susceptible to the earlier mentioned exploit for CVE-2019-6111.
>
> I am a bit lost
Hi again
I finally found out why I could not use xstrdup so with that fixed I run
the tests again. No crash. My guess is that the crash is some other part of
the code and not the newly introduced functions.
// Ola
On Mon, 11 Mar 2019 at 00:09, Ola Lundqvist wrote:
> Hi Mike
>
> I have had a
Hi Mike
I have had a look at this. First of all I do not think the CVE is
completely fixed even with the additional patch. I also do not fully
understand how 6111-2.patch is supposed to work. More about this below.
Let us give some example commands.
[1] scp host:/foobar/a* b
[2] scp host:a* b
Hi Colin, hi Debian LTS team,
On Fr 01 Mär 2019 13:24:30 CET, Colin Watson wrote:
And yes, it looks OK - I'll upload it to unstable shortly.
I have prepared a backport of this newly added patch [1] (see #923486
for details) to openssh in Debian jessie LTS, but with that patch
backported
On Thu, Feb 28, 2019 at 11:05:37PM +0100, Salvatore Bonaccorso wrote:
> Colin, but please double check if this is enough. A server which sends
> an additional malicious file is blocked by that (and the patch is not
> following git-dpm workflow as I'm unfamiliar with it).
Cherry-picked as follows,
Hi
Attached the patch and debdiff for unstable which fixes this issue.
Colin, but please double check if this is enough. A server which sends
an additional malicious file is blocked by that (and the patch is not
following git-dpm workflow as I'm unfamiliar with it).
dummy@sid:~$ scp -P
Hi Salvatore,
On Do 28 Feb 2019 22:43:26 CET, Salvatore Bonaccorso wrote:
Hi
Unchecked yet, but there was a related follow up commit upstream as
per
https://anongit.mindrot.org/openssh.git/commit/?id=3d896c157c722bc47adca51a58dca859225b5874
Regards,
Salvatore
will rebase that against
Hi
Unchecked yet, but there was a related follow up commit upstream as
per
https://anongit.mindrot.org/openssh.git/commit/?id=3d896c157c722bc47adca51a58dca859225b5874
Regards,
Salvatore
Source: openssh
Version: 1:7.9p1-7
Severity: important
Tags: security
Control: found -1 1:7.9p1-6
Control: found -1 1:7.4p1-10+deb9u5
Control: found -1 1:6.7p1-5+deb8u7
Hi,
while working on a fixed openssh version for Debian jessie LTS regarding
CVE-2019-6110
CVE-2019-6111
CVE-2018-20685
10 matches
Mail list logo