On Tue, Jan 24, 2006 at 11:09:17AM +, Colin Watson wrote:
> It's not clear to me whether upstream will change this,
Looks like upstream are going to fix it after all. I'll monitor the
upstream bug and incorporate whatever patch finally gets committed.
--
Colin Watson
By the way, if you intend to fix this bug for stable, it might be a
good idea to include a fix for #270770 as well (which, at this stage,
boils down to clearing the SUID/SGID flags).
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
* Colin Watson:
> It's not clear to me whether upstream will change this, because it's not
> possible to fix many scp issues without breaking protocol compatibility:
The bug affects local-to-local copies, which are not subject to
protocol constraints. Remote-to-remote copies do not seem to use t
On Tue, Jan 24, 2006 at 11:22:23AM +0100, Martin Pitt wrote:
> Package: ssh
> Severity: important
> Tags: security patch
>
> Hi!
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=1094 describes a flaw in
> scp: it expands shell characters and escapes twice which could lead to
> unwanted shell code
Package: ssh
Severity: important
Tags: security patch
Hi!
http://bugzilla.mindrot.org/show_bug.cgi?id=1094 describes a flaw in
scp: it expands shell characters and escapes twice which could lead to
unwanted shell code execution. It affects cases where scp is used to
transfer untrusted directories
5 matches
Mail list logo
