From owner-freebsd-security@freebsd.org  Thu Nov  3 10:37:01 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EECE2C2D532
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Thu,  3 Nov 2016 10:37:01 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk
 [81.2.117.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.infracaninophile.co.uk",
 Issuer "infracaninophile.co.uk" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 665D417A2
 for <freebsd-security@freebsd.org>; Thu,  3 Nov 2016 10:37:01 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from zero-gravitas.local (unknown [85.199.232.226])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: m.seaman@infracaninophile.co.uk)
 by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id DA61E121C
 for <freebsd-security@freebsd.org>; Thu,  3 Nov 2016 10:36:56 +0000 (UTC)
Authentication-Results: smtp.infracaninophile.co.uk;
 dmarc=none header.from=FreeBSD.org
Authentication-Results: smtp.infracaninophile.co.uk/DA61E121C; dkim=none;
 dkim-atps=neutral
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
To: freebsd-security@freebsd.org
References: <20161102075533.8BBA114B5@freefall.freebsd.org>
 <201611021357.uA2DvHMW003088@higson.cam.lispworks.com>
 <CA+7WWSc+_Jjf+StVb2n367+7YSCw-RnGMTbT4nbaE88d_n57+g@mail.gmail.com>
From: Matthew Seaman <matthew@FreeBSD.org>
Message-ID: <b8dcb2aa-4149-89ad-e519-8ce68922d0a8@FreeBSD.org>
Date: Thu, 3 Nov 2016 10:36:50 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0)
 Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <CA+7WWSc+_Jjf+StVb2n367+7YSCw-RnGMTbT4nbaE88d_n57+g@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="xIK6CJC8T56S2vxIUJlHNcNgK4p0hLT8x"
X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE,
 SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 smtp.infracaninophile.co.uk
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 10:37:02 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--xIK6CJC8T56S2vxIUJlHNcNgK4p0hLT8x
Content-Type: multipart/mixed; boundary="R8vlwi7g99CorCHe1PWrQuGKfGN1kvIHo";
 protected-headers="v1"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-security@freebsd.org
Message-ID: <b8dcb2aa-4149-89ad-e519-8ce68922d0a8@FreeBSD.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
References: <20161102075533.8BBA114B5@freefall.freebsd.org>
 <201611021357.uA2DvHMW003088@higson.cam.lispworks.com>
 <CA+7WWSc+_Jjf+StVb2n367+7YSCw-RnGMTbT4nbaE88d_n57+g@mail.gmail.com>
In-Reply-To: <CA+7WWSc+_Jjf+StVb2n367+7YSCw-RnGMTbT4nbaE88d_n57+g@mail.gmail.com>

--R8vlwi7g99CorCHe1PWrQuGKfGN1kvIHo
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2016/11/03 09:41, Kimmo Paasiala wrote:
> Both 10.1 and 10.2 are going to be unsupported by the end of this
> year, that's probably the reason the fix was not included in them.
>=20
> https://www.freebsd.org/security/#sup
>=20

Yes, but 10.1 and 10.2 are still supported for the next two months.
That means they should get security patches where warranted until Dec
31st.  There's no point in stating an EoL date if the end of the support
lifetime is effectively a few months before that...

If and advisory hasn't been issued for 10.1 and 10.2 that's because the
Security Team currently don't think the problem applies to those
versions.  It's possible SecTeam are mistaken and will need to update
the advisory, but SecTeam are usually pretty accurate about these things.=


	Cheers,

	Matthew
=09



--R8vlwi7g99CorCHe1PWrQuGKfGN1kvIHo--

--xIK6CJC8T56S2vxIUJlHNcNgK4p0hLT8x
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQJ8BAEBCgBmBQJYGxNIXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw
MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnizgP/1ditrlm5dxG8YGI208fflFm
27ILmhsDVPXGFAgdtWtZYZzqYYAw0mK24z7ZF4TDpPvH55Frvyc58PPGX+daXdRh
VPbn8K1ZBTh5di3X0pI9T6yoIFRMadE0j5hRAcBAWqHKsopfnVNRUEZCyHDxkmIa
OnDHgTv0+2IJLub0GKF2HPLkdJ3R22KGxxcinZdGtUOXrtRnv+7mvrjCiAXjnm8E
sMmX3WF1uqMcKKmVDLKA/SNncHyiHEW+KAh7TKWjKHXapXDCg3RWI+ONd5OwCfMM
DnNUFVT+T+Kf0s6aiW9gcrTXVCXWcNL/M72RGwT1afRkLDFkyf2bE1LU/wVRwnyC
utapxk8AFIlhkvcZmM9QqZq434EP0KSosTQeTtXoMWodmgQ11vESUmqbV38Kiyl6
oTSzXuAJTYUBmY4wrtkfkJV1teO1QkLHRH4rBqf6IY9ymCCN94vTLhMATqHdr+FO
pN+Vq497gCT+JJ3SxKVD3hOowt9640HsAM8tLtOQEBj3+/iBC5eQgJPemHWBgM6V
3yHt8Hn14CxQk8LPn3kfiNsim9Okf0XnnTJ/KkW39hohBS78wGybo3AhSwVmGkve
CiLNk1myn2HL0/mYjI/xD2ZUDtq2iyJEqKOA6Yo3nhY9y6dqtON+OBPMdlZaBEGa
hmOfJX4nA8oQA6C+WJrg
=2bP6
-----END PGP SIGNATURE-----

--xIK6CJC8T56S2vxIUJlHNcNgK4p0hLT8x--