rssh (2.3.4-4+deb8u2ubuntu0.14.04.1) trusty-security; urgency=medium

  [ Russ Allbery ]
  scp and rsync command verification have been made stricter to try to
  prevent ways of running arbitrary code on the server via ssh
  configuration options.  As a side effect, this will break scp -3 to an
  account using rssh, and will disallow using rssh to run arbitrary scp
  and rsync commands on the server.  Only the server end of an scp or
  rsync command should now be allowed.

  THE CVS SUPPORT IN RSSH IS PROBABLY NOT SECURE, as is already documented
  in the manual page.  While no variation of this attack for cvs is
  currently known, cvs has many options and commands and the small amount
  of filtering rssh does is probably not sufficient.  Use the cvs support
  at your own risk.

  The approach rssh takes to try to restrict commands is fragile,
  regularly broken by new features in the commands it tries to wrap, and
  probably has additional bugs.  It is no longer supported upstream and
  will likely be removed from future versions of Debian.  Please consider
  switching to another security approach.

 -- Steve Beattie <sbeattie@ubuntu.com>  Mon, 11 Feb 2019 16:45:15 -0800

rssh (2.3.2-9) unstable; urgency=low

  This version of the rssh package adds support for Subversion by adding
  an additional configuration parameter that, if set, allows an rssh user
  to run svnserve -t.

  This support requires changing the /etc/rssh.conf file format to add an
  additional binary digit to the permissions field.  The package will
  attempt to make that change automatically during the upgrade, disabling
  svnserve for all users by default, but you may want to double-check the
  resulting /etc/rssh.conf file to be sure it's correct.

 -- Russ Allbery <rra@debian.org>  Sat, 04 Apr 2009 14:39:27 -0700

rssh (2.2.1-1) unstable; urgency=medium

  * This release contains 2 major updates:
    - A minor security fix (which results only in disclosing some information
      in chrooted jails about the non chrooted environment).
    - New support for cvs, rdist and rsync. Due to the new protocols, a 
      modification needs to be done in the configuration file, which has not
      been automated in the installation scripts. Read the packages' README
      for more information.

 -- Jesus Climent <jesus.climent@hispalinux.es>  Thu,  8 Jul 2004 02:37:24 -0300

