Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2019010 Title: environment variable SSH_ORIGINAL_COMMAND on server side set with wrong value Status in openssh package in Ubuntu: New Bug description: After updating to Ubuntu 23.04 when running scp command environment variable SSH_ORIGINAL_COMMAND on server side is set with SSH_ORIGINAL_COMMAND=/usr/libexec/openssh/sftp-server. With previous version this environment variable was set to "scp -t <file name>" or "scp -f <file name>" depends on if it was push or get command to copy file from or to remote system SSH_ORIGINAL_COMMAND environment variable is used to validate scp command on server side. System information: lsb_release -rd No LSB modules are available. Description: Ubuntu 23.04 Release: 23.04 apt-cache policy openssh-client openssh-client: Installed: 1:9.0p1-1ubuntu8 Candidate: 1:9.0p1-1ubuntu8 Version table: *** 1:9.0p1-1ubuntu8 500 500 http://us.archive.ubuntu.com/ubuntu lunar/main amd64 Packages 100 /var/lib/dpkg/status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2019010/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
