Errata overview
Errata ID 624
Date 2019-03-27
Source package openssh
Fixed in version 1:6.7p1-5+deb8u8
This update addresses the following issues:
* scp client improper directory name validation (CVE-2018-20685)
* Missing character encoding in progress display allows for spoofing of scp
  client output (CVE-2019-6109)
* Improper validation of object names allows malicious server to overwrite
  files via scp client (CVE-2019-6111)
Additional notes
CVE ID CVE-2018-20685
UCS Bug number #49097