[Bug 234965] scp client multiple vulnerabilities (openssh in base/ports affected: CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jan 16 06:42:40 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234965
Kubilay Kocak <koobs at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|New |Open
Priority|--- |Normal
Assignee|bugs at FreeBSD.org |ports-secteam at FreeBSD.org
Summary|openssh, scp vulnerability |scp client multiple
|CVE-2018-20685 |vulnerabilities (openssh in
|CVE-2019-6111 |base/ports affected:
|CVE-2019-6109,6110 |CVE-2018-20685
| |CVE-2019-6111
| |CVE-2019-6109,6110)
CC| |bdrewery at FreeBSD.org,
| |emaste at freebsd.org,
| |ports-secteam at FreeBSD.org
URL| |https://sintonen.fi/advisor
| |ies/scp-client-multiple-vul
| |nerabilities.txt
--- Comment #2 from Kubilay Kocak <koobs at FreeBSD.org> ---
base r343043 by emaste@ addressed one of the issues (CVE-2018-20685)
CC bdrewery (security/openssh-portable maintainer)
According to the article/announcement details, openssh is vulnerable to all
four CVE's.
I'd use this as a parent coordinator issue, with separate sub issues created
for each of base openssh and ports openssh being tracked separately for clarity
of merges (base issues only multiple MFC flags, ports issues have a single
merge quarterly flag), and given base and ports components have different
maintainers.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list