search for: sintonen

...does not. Is that a shortcoming of the patch? Or is it intended behavior? I looked through various man pages, but I could not find any definite statement about whether server-side brace expansion are supposed to work on or not. Could someone please enlighten me? Best regards, Peter [1] https://sintonen.fi/advisories/scp-name-validator.patch

Damien, Reading the various articles about https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt have caused me to question the wisdom of using scp. Your observation: > Date: Tue, 22 Jan 2019 13:48:34 +1100 (AEDT) > From: Damien Miller <djm at mindrot.org> > Subject: Re: Status of SCP vulnerability > > "Don'...

...a direct vulnerability, but taking over the user's terminal (to some extent) could still lead to attacks, if he believes that output. > We consider the last bug, relating to filename printing to be a > usability problem. Similar here... a forgery might be used for attacks, e.g. as what Sintonen writes, by hiding additionally transferred files. In general, I also don't think sftp is a viable replacement; using it on the command line to just transfer single files is much less handy than using scp. So isn't it possibly to fully fix scp? And maybe in addition to prevent scp from o...

Hello, I would like to request an update of the progress regarding fixes for the recently disclosed SCP vulnerability (CVE-2018-20685, CVE-2019-6111, CVE-2019-6109, CVE-2019-6110) It has been stated that CVE-2018-20685 has been patched in november but there are currently no information available on the progress of patches regarding the other CVEs. Will there be a patched release any time soon?