Information on source package rssh

Available versions

ReleaseVersion
jessie2.3.4-4
jessie (security)2.3.4-4+deb8u3
stretch (security)2.3.4-5+deb9u4

Resolved issues

BugDescription
CVE-2019-3464Insufficient sanitization of environment variables passed to rsync can ...
CVE-2019-3463Insufficient sanitization of arguments passed to rsync can bypass the ...
CVE-2019-1000018rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Speci ...
CVE-2012-3478rssh 2.3.3 and earlier allows local users to bypass intended restricte ...
CVE-2012-2252Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsyn ...
CVE-2012-2251rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync prot ...
CVE-2006-1320util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...
CVE-2005-3345rssh 2.0.0 through 2.2.3 allows local users to bypass access restricti ...
CVE-2004-1628Format string vulnerability in log.c in rssh before 2.2.2 allows remot ...
CVE-2004-1161rssh 2.2.2 and earlier does not properly restrict programs that can be ...
CVE-2004-0609rssh 2.0 through 2.1.x expands command line arguments before entering ...

Security announcements

DSA / DLADescription
DSA-4377-3rssh - regression update
DLA-1660-2rssh - regression update
DSA-4377-2rssh - regression update
DLA-1660-1rssh - security update
DSA-4382-1rssh - security update
DSA-4377-1rssh - security update
DLA-1650-1rssh - security update
DSA-2578-1rssh - several
DSA-2530-1rssh - shell command injection
DSA-1109rssh - programming error

Search for package or bug name: Reporting problems