Date: Wed, 16 Jan 2019 06:42:38 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 234965] scp client multiple vulnerabilities (openssh in base/ports affected: CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110) Message-ID: <bug-234965-227-dactnOdG3U@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-234965-227@https.bugs.freebsd.org/bugzilla/> References: <bug-234965-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D234965 Kubilay Kocak <koobs@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open Priority|--- |Normal Assignee|bugs@FreeBSD.org |ports-secteam@FreeBSD.org Summary|openssh, scp vulnerability |scp client multiple |CVE-2018-20685 |vulnerabilities (openssh in |CVE-2019-6111 |base/ports affected: |CVE-2019-6109,6110 |CVE-2018-20685 | |CVE-2019-6111 | |CVE-2019-6109,6110) CC| |bdrewery@FreeBSD.org, | |emaste@freebsd.org, | |ports-secteam@FreeBSD.org URL| |https://sintonen.fi/advisor | |ies/scp-client-multiple-vul | |nerabilities.txt --- Comment #2 from Kubilay Kocak <koobs@FreeBSD.org> --- base r343043 by emaste@ addressed one of the issues (CVE-2018-20685) CC bdrewery (security/openssh-portable maintainer) According to the article/announcement details, openssh is vulnerable to all four CVE's. I'd use this as a parent coordinator issue, with separate sub issues created for each of base openssh and ports openssh being tracked separately for cla= rity of merges (base issues only multiple MFC flags, ports issues have a single merge quarterly flag), and given base and ports components have different maintainers. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-234965-227-dactnOdG3U>