Accepted rssh 2.3.4-5+deb9u2 (source amd64) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Feb 2019 20:28:01 -0800
Source: rssh
Binary: rssh
Architecture: source amd64
Version: 2.3.4-5+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Russ Allbery <rra@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
rssh - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
Changes:
rssh (2.3.4-5+deb9u2) stretch-security; urgency=high
.
* Also reject rsync --daemon and --config command-line options, which
can be used to run arbitrary commands. Thanks, Nick Cleaton.
(CVE-2019-3463)
* Unset the HOME environment variable when running rsync to prevent popt
(against which rsync is linked) from loading a ~/.popt configuration
file, which can run arbitrary commands on the server or redefine
command-line options to bypass argument checking. Thanks, Nick
Cleaton. (CVE-2019-3464)
* Do not stop checking the rsync command line at --, since this can be
an argument to some other option and later arguments may still be
interpreted as options. In the few cases where one needs to rsync to
files named things like --rsh, the client can use ./--rsh instead.
Thanks, Nick Cleaton.
Checksums-Sha1:
f985cc92f6c50605cd7f2353e1ed7f6b377d0376 1514 rssh_2.3.4-5+deb9u2.dsc
08cf495a20bcacdd4d2589f80bf4f843e8cca5b8 30268 rssh_2.3.4-5+deb9u2.debian.tar.xz
d3d8086a417299fb64c2a8d4ec14dda58659a2d9 50402 rssh-dbgsym_2.3.4-5+deb9u2_amd64.deb
cfcb6e857b882f053e80deda8fca359c3649c17b 5735 rssh_2.3.4-5+deb9u2_amd64.buildinfo
05c63ae579aafd2243deb95f902045491ff7d486 55616 rssh_2.3.4-5+deb9u2_amd64.deb
Checksums-Sha256:
38a001f8eb67c4831ed3c914602d59e09eda2ca90faa063a23ac6cd3f7a28e31 1514 rssh_2.3.4-5+deb9u2.dsc
200af1f7bb5460f4512fc543cb71ad6be02985223de4a6af2958949678b7f388 30268 rssh_2.3.4-5+deb9u2.debian.tar.xz
31b8ff8ec030c2886b44ef4dde665ef76b8a0ee627a501d0a67b21025ca0d763 50402 rssh-dbgsym_2.3.4-5+deb9u2_amd64.deb
9dded0213e632822d8912f170b59cb268d6d568189e74cd219306964e6711400 5735 rssh_2.3.4-5+deb9u2_amd64.buildinfo
1e4d7fc21eaf15b0e5517a62586bd21ce863f7d79ba2035c9e5d9d6db9ee430f 55616 rssh_2.3.4-5+deb9u2_amd64.deb
Files:
4434f8b079d59c40b621a06156555ed5 1514 net optional rssh_2.3.4-5+deb9u2.dsc
2c63b630f3ad3db3bce562304ab0fe4d 30268 net optional rssh_2.3.4-5+deb9u2.debian.tar.xz
e1bbb345404c515251790d9a80cfd278 50402 debug extra rssh-dbgsym_2.3.4-5+deb9u2_amd64.deb
0b247598fd20639f2254cf8c4bb267b1 5735 net optional rssh_2.3.4-5+deb9u2_amd64.buildinfo
4d8f666fa8c212715e5a4fb6fac90e3a 55616 net optional rssh_2.3.4-5+deb9u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAlxVHL4ACgkQfYAxXFc2
3nVukggAvPRhNNQIUCsaJvjLMfFxdh/LSU5N0OGNuQ9nevMf8dY3/eC+aXcRUVXa
oyncPq1EW7NjH/coorv0l3CVl9jYUATSGn9nM+FpAjVfMgxRax0k8yTHkhIiIVwa
GUwVQyTAJ1CzDqgT7f6MA4PWH3+iMtG+YG1z0EPK/slcEaYALiwppszcGM7woIbb
k8U6uLXR3jw/Fm6psLbzEuvueSQxBeGsIgiMzoYVPmZAFmv2lH/moge5Xs/8+SG0
78jbeT5FI2Ib2M8SWHSOs5e5aPqk8kd5CAAerdkQYB9FH3CXgd0JyAary6+5s5B+
A+I+9e4CBdOk2A+mnDb2gCmHUxRUTQ==
=Qe4V
-----END PGP SIGNATURE-----