From owner-freebsd-bugs@freebsd.org Wed Jan 16 06:42:40 2019 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62C9414A4D89 for ; Wed, 16 Jan 2019 06:42:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id EF0528F50E for ; Wed, 16 Jan 2019 06:42:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id B294114A4D88; Wed, 16 Jan 2019 06:42:39 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9002414A4D87 for ; Wed, 16 Jan 2019 06:42:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2E6768F507 for ; Wed, 16 Jan 2019 06:42:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 5C1811D9A for ; Wed, 16 Jan 2019 06:42:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x0G6gcLu093838 for ; Wed, 16 Jan 2019 06:42:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x0G6gcm3093837 for bugs@FreeBSD.org; Wed, 16 Jan 2019 06:42:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 234965] scp client multiple vulnerabilities (openssh in base/ports affected: CVE-2018-20685 CVE-2019-6111 CVE-2019-6109,6110) Date: Wed, 16 Jan 2019 06:42:38 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: ports-secteam@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status priority assigned_to short_desc cc bug_file_loc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 06:42:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D234965 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open Priority|--- |Normal Assignee|bugs@FreeBSD.org |ports-secteam@FreeBSD.org Summary|openssh, scp vulnerability |scp client multiple |CVE-2018-20685 |vulnerabilities (openssh in |CVE-2019-6111 |base/ports affected: |CVE-2019-6109,6110 |CVE-2018-20685 | |CVE-2019-6111 | |CVE-2019-6109,6110) CC| |bdrewery@FreeBSD.org, | |emaste@freebsd.org, | |ports-secteam@FreeBSD.org URL| |https://sintonen.fi/advisor | |ies/scp-client-multiple-vul | |nerabilities.txt --- Comment #2 from Kubilay Kocak --- base r343043 by emaste@ addressed one of the issues (CVE-2018-20685) CC bdrewery (security/openssh-portable maintainer) According to the article/announcement details, openssh is vulnerable to all four CVE's. I'd use this as a parent coordinator issue, with separate sub issues created for each of base openssh and ports openssh being tracked separately for cla= rity of merges (base issues only multiple MFC flags, ports issues have a single merge quarterly flag), and given base and ports components have different maintainers. --=20 You are receiving this mail because: You are the assignee for the bug.=