Errata overview
Errata ID 440
Date 2019-02-27
Source package openssh
Fixed in version 1:7.4p1-10+deb9u5
This update addresses the following issues:
* Disallow empty filenames or ones that refer to the current directory
* Sanitize scp filenames via snmprintf() (CVE-2019-6109)
* Check in scp client that filenames sent during remote->local directory
  copies satisfy the wildcards specified by the user (CVE-2019-6111)
Additional notes
CVE ID CVE-2018-20685
UCS Bug number #48780