Date:      Wed, 16 Jan 2019 06:42:38 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 234965] scp client multiple vulnerabilities (openssh in base/ports affected: CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110)
Message-ID:  <bug-234965-227-dactnOdG3U@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-234965-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-234965-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234965

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
           Priority|---                         |Normal
           Assignee|bugs@FreeBSD.org            |ports-secteam@FreeBSD.org
            Summary|openssh, scp vulnerability  |scp client multiple
                   |CVE-2018-20685              |vulnerabilities (openssh in
                   |CVE-2019-6111               |base/ports affected:
                   |CVE-2019-6109,6110          |CVE-2018-20685
                   |                            |CVE-2019-6111
                   |                            |CVE-2019-6109,6110)
                 CC|                            |bdrewery@FreeBSD.org,
                   |                            |emaste@freebsd.org,
                   |                            |ports-secteam@FreeBSD.org
                URL|                            |https://sintonen.fi/advisor
                   |                            |ies/scp-client-multiple-vul
                   |                            |nerabilities.txt

--- Comment #2 from Kubilay Kocak <koobs@FreeBSD.org> ---
base r343043 by emaste@ addressed one of the issues (CVE-2018-20685)

CC bdrewery (security/openssh-portable maintainer)

According to the article/announcement details, openssh is vulnerable to all
four CVEs.

I'd use this as a parent coordinator issue, with separate sub issues created
for each of base openssh and ports openssh being tracked separately for clarity
of merges (base issues only multiple MFC flags, ports issues have a single
merge quarterly flag), and given base and ports components have different
maintainers.

-- 
You are receiving this mail because:
You are the assignee for the bug.