diff -Nru rssh-2.3.4/debian/changelog rssh-2.3.4/debian/changelog
--- rssh-2.3.4/debian/changelog	2019-02-12 01:22:05.000000000 +0000
+++ rssh-2.3.4/debian/changelog	2019-04-10 17:03:08.000000000 +0000
@@ -1,3 +1,13 @@
+rssh (2.3.4-4+deb8u2ubuntu0.16.04.2) xenial-security; urgency=medium
+
+  * SECURITY REGRESSION: The previous security regression released in
+    2.3.4-4+deb8u2ubuntu0.14.04.1 did not resolve all of the regressions
+    caused by 2.3.4-4+deb8u2ubuntu0.14.04.1. This fix adds support for
+    the '-pf' and '-pt' variants of the command line options.
+    (LP: 1815741)
+
+ -- Mike Salvatore  Wed, 10 Apr 2019 13:01:45 -0400
+
 rssh (2.3.4-4+deb8u2ubuntu0.16.04.1) xenial-security; urgency=medium
 
   * SECURITY REGRESSION: The fix for the scp security vulneraability
diff -Nru rssh-2.3.4/debian/patches/0009-Verify-scp-command-options.patch rssh-2.3.4/debian/patches/0009-Verify-scp-command-options.patch
--- rssh-2.3.4/debian/patches/0009-Verify-scp-command-options.patch	2019-02-12 00:44:04.000000000 +0000
+++ rssh-2.3.4/debian/patches/0009-Verify-scp-command-options.patch	2019-04-10 17:07:15.000000000 +0000
@@ -17,7 +17,8 @@
 Attempt to protect against this attack by checking the command line of
 scp and only allowing the options that are passed to the server end of
 the connection. Require either -f or -t be given, which
-disables scp's attempts to connect to a remote host.
+disables scp's attempts to connect to a remote host. Allow these as
+-pf and -pt, which are sent by libssh2.
 
 Debian Bug#919623
 ---
@@ -48,11 +49,11 @@
 +	if ( strcmp(*vec, "-r") == 0 ) continue;
 +	if ( strcmp(*vec, "-p") == 0 ) continue;
 +	if ( strcmp(*vec, "-d") == 0 ) continue;
-+	if ( strcmp(*vec, "-f") == 0 ){
++	if ( strcmp(*vec, "-f") == 0 || strcmp(*vec, "-pf") == 0 ){
 +	    saw_f_or_t = TRUE;
 +	    continue;
 +	}
-+	if ( strcmp(*vec, "-t") == 0 ){
++	if ( strcmp(*vec, "-t") == 0 || strcmp(*vec, "-pt") == 0 ){
 +	    saw_f_or_t = TRUE;
 +	    continue;
 +	}
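Review bot: The new `-pf` and `-pt` tests in the third hunk are exact-string matches, so other legal clusterings of the same server-side options (for example `-fp` or `-rf`) are still rejected by whatever follows the loop; that is the fail-closed direction for an allowlist and acceptable, but the code itself does not record why exactly these two spellings were added, which only the patch header explains. Suggest a comment immediately above the `-f` test: `/* libssh2 clusters -p with -f/-t; accept only these exact spellings, any other clustering falls through and is rejected */`. The enclosing loop, and the rejection of arguments that match none of these tests, begin and end outside the hunk, so the fail-closed behaviour is inferred from the surrounding patch rather than visible here.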