Gentoo Linux Security Advisory 201311-19 - Multiple vulnerabilities have been found in rssh, allowing local attackers to bypass access restrictions. Versions less than 2.3.4 are affected.
2cfca946aed87f93230a6b6e24c15593789e28cee281ff97f52258c3b9f27c16
Debian Linux Security Advisory 2578-1 - James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution.
d9979ff7d19f7c9e9521796945b7c49ed74862a888a3527cd1b55022041c8c36
RSSH version 2.3.4 was released to address an environment variable manipulation vulnerability and an improper filtering of the rsync command line.
3292f4ccb0a7fd1db2d5443d8a6d96f69577b83251c4988b59049dc9a3bd99c8