Fixed tests.

test/docker/expected_results/openssh_4.0p1_test1.txt

@@ -6,7 +6,10 @@
 (gen) compression: enabled (zlib)
 
 # security
-(cve) CVE-2018-15473                      -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2020-15778                      -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2018-15473                      -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
+(cve) CVE-2017-15906                      -- (CVSSv2: 5.3) readonly bypass via sftp
+(cve) CVE-2016-20012                      -- (CVSSv2: 5.3) enumerate usernames via challenge response
 (cve) CVE-2016-3115                       -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
 (cve) CVE-2014-1692                       -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
 (cve) CVE-2012-0814                       -- (CVSSv2: 3.5) leak data via debug messages

test/docker/expected_results/openssh_5.6p1_test1.txt

@@ -5,7 +5,10 @@
 (gen) compression: enabled (zlib@openssh.com)
 
 # security
-(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
+(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
 (cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
 (cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
 (cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

test/docker/expected_results/openssh_5.6p1_test2.txt

@@ -5,7 +5,10 @@
 (gen) compression: enabled (zlib@openssh.com)
 
 # security
-(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
+(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
 (cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
 (cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
 (cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

test/docker/expected_results/openssh_5.6p1_test3.txt

@@ -5,7 +5,10 @@
 (gen) compression: enabled (zlib@openssh.com)
 
 # security
-(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
+(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
 (cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
 (cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
 (cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

test/docker/expected_results/openssh_5.6p1_test4.txt

@@ -5,7 +5,10 @@
 (gen) compression: enabled (zlib@openssh.com)
 
 # security
-(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
+(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
 (cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
 (cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
 (cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

test/docker/expected_results/openssh_5.6p1_test5.txt

@@ -5,7 +5,10 @@
 (gen) compression: enabled (zlib@openssh.com)
 
 # security
-(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
+(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
 (cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
 (cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
 (cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

test/docker/expected_results/openssh_8.0p1_test1.txt

@@ -4,6 +4,12 @@
 (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
 (gen) compression: enabled (zlib@openssh.com)
 
+# security
+(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
+
 # key exchange algorithms
 (kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
 (kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62

test/docker/expected_results/openssh_8.0p1_test2.txt

@@ -4,6 +4,12 @@
 (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
 (gen) compression: enabled (zlib@openssh.com)
 
+# security
+(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
+
 # key exchange algorithms
 (kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
 (kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62

test/docker/expected_results/openssh_8.0p1_test3.txt

@@ -4,6 +4,12 @@
 (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
 (gen) compression: enabled (zlib@openssh.com)
 
+# security
+(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups
+(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers
+(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow
+(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response
+
 # key exchange algorithms
 (kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
 (kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62

test/test_ssh1.py

@@ -138,7 +138,7 @@ class TestSSH1:
         self.audit(out, self._conf())
         out.write()
         lines = output_spy.flush()
-        assert len(lines) == 17
+        assert len(lines) == 21
 
     def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
         vsocket = virtual_socket
@@ -153,7 +153,7 @@ class TestSSH1:
         out.write()
         assert ret != 0
         lines = output_spy.flush()
-        assert len(lines) == 10
+        assert len(lines) == 14
         assert 'unknown message' in lines[-1]
 
     def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):

test/test_ssh2.py

@@ -147,7 +147,7 @@ class TestSSH2:
         self.audit(out, self._conf())
         out.write()
         lines = output_spy.flush()
-        assert len(lines) == 70
+        assert len(lines) == 74
 
     def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
         vsocket = virtual_socket
@@ -161,5 +161,5 @@ class TestSSH2:
         out.write()
         assert ret != 0
         lines = output_spy.flush()
-        assert len(lines) == 5
+        assert len(lines) == 9
         assert 'unknown message' in lines[-1]