From owner-freebsd-security@freebsd.org Sun Jan 1 01:00:31 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E89F0C8F6AF for ; Sun, 1 Jan 2017 01:00:31 +0000 (UTC) (envelope-from woodsb02@gmail.com) Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B8FA81B81 for ; Sun, 1 Jan 2017 01:00:31 +0000 (UTC) (envelope-from woodsb02@gmail.com) Received: by mail-pg0-x22b.google.com with SMTP id y62so138809754pgy.1 for ; Sat, 31 Dec 2016 17:00:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=iR1QPpL8JiRVTGSKJTCenmkUkx45c5JYbdchnIYN+xc=; b=eRpMILf/UHIWK8YCyPZSBj1afGarF1PC6o659YK5YUZlOXpgL2Y7fhNWrZl5Ab2t0q a0csmfemmyUniSyhjT9qFJKz2tB4ZDJzu2wt/ZRKtzlzQ/qrTwEuL8DCQ+75acGWQWPq uxc6tyMi8Z1zuMsDF4ZFLf5+spOIXDEvcvay+b2n252YRAKsPt219aD5jW7pObdiySv2 E/+e+HL5dvamyXsmKCvGoAXOMikxHg8R9ipbih7KoUuZwiJgx7bVy0OW2ro+RMRQy9Pp TQEeKHrdrhjl2y2RoKCdut5oz0nZfuuDj9eW7uiMKF9Z9qU0i+fopziuZa4pWnrZcFu5 /DeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version:date :subject:message-id:references:in-reply-to:to; bh=iR1QPpL8JiRVTGSKJTCenmkUkx45c5JYbdchnIYN+xc=; b=RsFEMASAfQUF/xYcjSdDSF+WRlniwlPmOU+yDKKu5JEUG36xXj/EHa1j+tcz9zvou6 zOlV8EEOCnDusQGkiI1/NUIum5V6OJi7g2KdmpqfafFI4ejWj0czEY7jAXaV2qt5bcfa Qa+QZN9hxLDYoMnEjwFx7PkmkOwT38Lii8rb54uVKyM2JdlAC3zmrsxq1QgSV9FVkiuD e30wlxhKNMDLWOqc7IpMILo+sFG67vVFHYLX6Rq/jSZHngKIfM/l8291VGbWp+8dZTX3 WlPak45hzOohqfzZg0cQjCDBaYrXISk+VTc7sG7XyzFSS6ir5MhQ4gt43KWEU8pWG//M VG8g== X-Gm-Message-State: AIkVDXKAi16LwEvsuVogbyeMZpihFBb2dqf8lQvZU0cl00eFFWSFqkI+OkjpQb5TDeBp8Q== X-Received: by 10.84.232.137 with SMTP id i9mr76766796plk.95.1483232431405; Sat, 31 Dec 2016 17:00:31 -0800 (PST) Received: from [192.168.1.206] (ppp59-167-111-196.static.internode.on.net. [59.167.111.196]) by smtp.gmail.com with ESMTPSA id m12sm73926278pfg.92.2016.12.31.17.00.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 31 Dec 2016 17:00:29 -0800 (PST) From: Ben Woods Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Date: Sun, 1 Jan 2017 09:00:27 +0800 Subject: Re: [FreeBSD-Announce] FreeBSD 9.3, 10.1 and 10.2 EoL Message-Id: <14AB27E4-1300-4649-A66A-B6977DA7280C@gmail.com> References: <20170101003519.3DA8C5681@freefall.freebsd.org> In-Reply-To: <20170101003519.3DA8C5681@freefall.freebsd.org> To: freebsd-security@freebsd.org X-Mailer: iPhone Mail (14C92) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jan 2017 01:00:32 -0000 Sent from my iPhone > On 1 Jan 2017, at 8:35 am, Xin LI wrote: > The currently supported branches and releases and their expected > end-of-life dates are: >=20 > +-------------------------------------------------------------------------= -+ > | Branch | Release | Type | Release Date | Estimated EoL = | > +-----------+------------+--------+----------------+----------------------= -+ > |stable/10 |n/a |n/a |n/a |last release + 2 years= | > +-----------+------------+--------+----------------+----------------------= -+ > |releng/10.3|10.3-RELEASE|Extended|April 4, 2016 |April 30, 2018 = | > +-------------------------------------------------------------------------= -+ > |stable/11 |n/a |n/a |n/a |last release + 2 years= | > +-----------+------------+--------+----------------+----------------------= -+ > |releng/11.0|11.0-RELEASE|Standard|October 10, 2016|11.1-RELEASE + 3 month= s| > +--------------------------------------------------+----------------------= -+ >=20 > Please refer to https://security.freebsd.org/ for an up-to-date list of > supported releases and the latest security advisories. Hi Xin Li, Happy new year. Just a heads up that I believe there was an error in this email regarding th= e EOL date of the stable/11 branch, which is specifically set at 30th Septem= ber 2021 (5 years after 11.0-RELEASE) rather than last release + 2 years. Regards, Ben From owner-freebsd-security@freebsd.org Sun Jan 1 07:15:52 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AD351C9AB41 for ; Sun, 1 Jan 2017 07:15:52 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 DV Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 92A0E1CCF for ; Sun, 1 Jan 2017 07:15:52 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from Xins-MacBook-Pro.local (c-73-189-16-150.hsd1.ca.comcast.net [73.189.16.150]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 06D0246E5; Sat, 31 Dec 2016 23:15:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1483254946; x=1483269346; bh=IHajYNZ9Obr0SIuUcqlRyH0/4Xvhb8hPQhyzAs1VFYE=; h=Subject:To:References:Cc:From:Date:In-Reply-To; b=4lCulnjPvrncp7acTQ6z3iSIVaFXhyP06B11h9Fq6t2EFAIRX9in5b4kGqF5d70D1 1CCNytaR77ecQY+LrXwmAPR9AH/i5gO4lq+RUA3gVt5oRLEzIH7Tzd+9Yt4NUugWY3 OntUTPpT3FvwPRna+33lPNMHApheV6VjdYlD4RG0= Subject: Re: [FreeBSD-Announce] FreeBSD 9.3, 10.1 and 10.2 EoL To: Ben Woods , freebsd-security@freebsd.org References: <20170101003519.3DA8C5681@freefall.freebsd.org> <14AB27E4-1300-4649-A66A-B6977DA7280C@gmail.com> Cc: d@delphij.net From: Xin Li Message-ID: <3747f590-c689-a53e-ce1a-472a66a7581a@delphij.net> Date: Sat, 31 Dec 2016 23:15:44 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <14AB27E4-1300-4649-A66A-B6977DA7280C@gmail.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="a3lWNJ3iEMhFrWDfMCaohAfw5k475Tkts" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jan 2017 07:15:52 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --a3lWNJ3iEMhFrWDfMCaohAfw5k475Tkts Content-Type: multipart/mixed; boundary="h3x87b5wf6I4IxhGswcdSc2OdmleSGHNg"; protected-headers="v1" From: Xin Li To: Ben Woods , freebsd-security@freebsd.org Cc: d@delphij.net Message-ID: <3747f590-c689-a53e-ce1a-472a66a7581a@delphij.net> Subject: Re: [FreeBSD-Announce] FreeBSD 9.3, 10.1 and 10.2 EoL References: <20170101003519.3DA8C5681@freefall.freebsd.org> <14AB27E4-1300-4649-A66A-B6977DA7280C@gmail.com> In-Reply-To: <14AB27E4-1300-4649-A66A-B6977DA7280C@gmail.com> --h3x87b5wf6I4IxhGswcdSc2OdmleSGHNg Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 12/31/16 17:00, Ben Woods wrote: >> +---------------------------------------------------------------------= -----+ >> |stable/11 |n/a |n/a |n/a |last release + 2 y= ears | >> +-----------+------------+--------+----------------+------------------= -----+ >> |releng/11.0|11.0-RELEASE|Standard|October 10, 2016|11.1-RELEASE + 3 m= onths| >> +--------------------------------------------------+------------------= -----+ >> [...] > Hi Xin Li, >=20 > Happy new year. Happy new year! > Just a heads up that I believe there was an error in this email regardi= ng the EOL date of the stable/11 branch, which is specifically set at 30t= h September 2021 (5 years after 11.0-RELEASE) rather than last release + = 2 years. Ah that's right. (I should have used the webpage contents directly). Cheers, --h3x87b5wf6I4IxhGswcdSc2OdmleSGHNg-- --a3lWNJ3iEMhFrWDfMCaohAfw5k475Tkts Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYaKyiAAoJEJW2GBstM+nsdGYP/0sXVq4jfD+7R8Of/7LepcwD u50m/oLu7CEOOuLgJXE4cB3Sy/scv9jGzHNsdqiohXZ/xpzpg009MovAIb+brMNh inqu9YrynoM+VjFr4pCpvchppIgQTCS4JxExgpLo230jg8ln9xPIa15OxeDDf3K8 r27wQKQzlA5ffi1y382rbUF+gFWgmUTf9SjA2Yg0xt4Weo/Ic7hqfkHPvJ7cj7xr JfaDDQtEKaBT1TffSUcitAa7jdSNfxcF7L8/icvpeUl8p28o6pOFdHIUQlpafkGO Uaa9XGAkVVfDw98uhng99bGnSgTiNySeyyPCbHvBFpOg7Nhv36y6xdQY7QR4k0Fe tNUKB7gGLiYzLHvKeEHYcq4nYtthuiJi5K00jq7crScm3IUtl5zzBbI5mNbilOKT i3suthBayVPsspC/S1CBB06vBE0JSp55jPmNOK82dN9J6mwHC0svEEUU4D+MBC4i xv0dg0Erh5ZmNpW5Vy/UEmpgbSdc719mjciKh98hWGa3UQj7WU+ou8hU5x7RKWfT GrLJ8TgssWyLXfjn3X0e8kXDKPRZT5Y0Tf8mg1pjT3h53NEXSLIMRO6kb38ihLUn 9LW1EGw+j3ZIZdhXAIFRfL6Z2va8hGe8nzFFjLd1xHcSdhv5Lt8L+5qHZaRw2SUC VZX4CiH0RTLfXYzEZ3FA =h9Qs -----END PGP SIGNATURE----- --a3lWNJ3iEMhFrWDfMCaohAfw5k475Tkts-- From owner-freebsd-security@freebsd.org Sun Jan 1 10:17:34 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AD68AC9A3A8 for ; Sun, 1 Jan 2017 10:17:34 +0000 (UTC) (envelope-from mokhi64@gmail.com) Received: from mail-it0-x243.google.com (mail-it0-x243.google.com [IPv6:2607:f8b0:4001:c0b::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 785771B48 for ; Sun, 1 Jan 2017 10:17:34 +0000 (UTC) (envelope-from mokhi64@gmail.com) Received: by mail-it0-x243.google.com with SMTP id 75so45561945ite.1 for ; Sun, 01 Jan 2017 02:17:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=TASqsGyqlCyBmyXu3MYV98/GCkvX9uYtKS/X2OszwdY=; b=EbJm+c4kKcX8RY1zUO5s5hC9FBg4uLltaewGuVyzuK6Fdrnlnx82jk494G+jsQjoKd p8WBrM7xhyXNDyh4ixNwbYWKa3haAMT7HV5N3xwKBHx66UM59AGPxvBKBZvXvZ0L39sq jD6DMJLSFwsM3NRz+YaHf/FI2EvkjRnkQvnJo+3tqzZybW9LHSWbqPTRAYlOsuvT/19P /8xOHDtHG5U9k+3gLr09CV0ZfawespJFSuzdTatzetjzEa8s4T6mLBhRCwEsIQGSlKwn hPXwN6CIjAmTdo5mY+i1P2EGBKwOKZkb5JARs4UP1eOizHD2Oa5i4m6Ik+Maw8ffHi0G kgqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=TASqsGyqlCyBmyXu3MYV98/GCkvX9uYtKS/X2OszwdY=; b=skbYf9Lsoq7nVh5pmnzw/pWdzRadrmVO2eq6k+IXNvvG8JPFW0uIOA/BFQcCDnwm3/ TJgNxuiS++A4xlDyk/BOlnO1h9beTG2Tzw8lFOPopR7syvUHiXh8YDZiLJWvn4U2BbzF JpIdjVprSQIC31tuvIv+SWMIZBNk/UbzFfMCVA+Y8gD/ACuUwq0eiMoTc10bWTxQ5InT UP4+XB7eTcXcOnUCDI3ZUBOxI817dogJcAIrlgTFRKf43YJ31UDX/6+Cca9dbypeUlcR yqBGDVvtHr2qBTzcU8Wm73jujxcliQvH3Bc4ZUcuck7MtsFqhiaJcaHxRvSg8cotRHKW PZmA== X-Gm-Message-State: AIkVDXL4ggVKI0v4A2zlDjc5O0PSifrQTTBSd31vX3VaDBQNshFnYmez9x3menSA3dtIPYLpNINgU+yEooWsXw== X-Received: by 10.36.138.67 with SMTP id v64mr40702274itd.39.1483265853807; Sun, 01 Jan 2017 02:17:33 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.153.14 with HTTP; Sun, 1 Jan 2017 02:17:33 -0800 (PST) In-Reply-To: <3747f590-c689-a53e-ce1a-472a66a7581a@delphij.net> References: <20170101003519.3DA8C5681@freefall.freebsd.org> <14AB27E4-1300-4649-A66A-B6977DA7280C@gmail.com> <3747f590-c689-a53e-ce1a-472a66a7581a@delphij.net> From: mokhi Date: Sun, 1 Jan 2017 13:47:33 +0330 Message-ID: Subject: Re: [FreeBSD-Announce] FreeBSD 9.3, 10.1 and 10.2 EoL To: Xin Li Cc: Ben Woods , freebsd-security@freebsd.org, d@delphij.net Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jan 2017 10:17:34 -0000 Happy new year :) > As of January 1, 2017, FreeBSD 9.3, 10.1 and 10.2 have reached end-of-life Does it mean it's no longer needed to test/poudriere the ports I patch/maintain for 9.X? Best wishes, Mokhi. From owner-freebsd-security@freebsd.org Sun Jan 1 16:54:09 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3374CC9A5E8 for ; Sun, 1 Jan 2017 16:54:09 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 02EE718B5 for ; Sun, 1 Jan 2017 16:54:08 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 844F1209B4; Sun, 1 Jan 2017 11:54:01 -0500 (EST) Received: from web3 ([10.202.2.213]) by compute3.internal (MEProxy); Sun, 01 Jan 2017 11:54:01 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=smtpout; bh=jV D9l7l0xdS4kB/bwFjJjC8GLBE=; b=WTorq60RYoqLGMTo7Nl6f4CfaP8HpnQUsV Pu9RWavii2qydZ11r7ReOyI05hgHvsgFdZeRtJGsi19c+oHl609uS6Pf9ssW5XCX lBtrQ6RgY1yHdeK/gQHH92KepyLNjLPWEVnQUmg2Y06/kEqGYnxRFNi6equg70Kb e0+3DQaP8= X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 43B679ED3C; Sun, 1 Jan 2017 11:54:01 -0500 (EST) Message-Id: <1483289641.4166773.834366865.71CADA1E@webmail.messagingengine.com> From: Mark Felder To: mokhi Cc: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" X-Mailer: MessagingEngine.com Webmail Interface - ajax-9c115fcf Subject: Re: [FreeBSD-Announce] FreeBSD 9.3, 10.1 and 10.2 EoL Date: Sun, 01 Jan 2017 10:54:01 -0600 In-Reply-To: References: <20170101003519.3DA8C5681@freefall.freebsd.org> <14AB27E4-1300-4649-A66A-B6977DA7280C@gmail.com> <3747f590-c689-a53e-ce1a-472a66a7581a@delphij.net> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jan 2017 16:54:09 -0000 On Sun, Jan 1, 2017, at 04:17, mokhi wrote: > Happy new year :) > > As of January 1, 2017, FreeBSD 9.3, 10.1 and 10.2 have reached end-of-life > Does it mean it's no longer needed to test/poudriere the ports I > patch/maintain for 9.X? > Correct -- Mark Felder ports-secteam member feld@FreeBSD.org From owner-freebsd-security@freebsd.org Tue Jan 3 13:18:04 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7EE91C9B843 for ; Tue, 3 Jan 2017 13:18:04 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47C411ED7 for ; Tue, 3 Jan 2017 13:18:03 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id E388E28474 for ; Tue, 3 Jan 2017 14:11:37 +0100 (CET) Received: from illbsd.quip.test (ip-86-49-16-209.net.upcbroadband.cz [86.49.16.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 095EF28417 for ; Tue, 3 Jan 2017 14:11:37 +0100 (CET) To: freebsd security From: Miroslav Lachman <000.fbsd@quip.cz> Subject: VuXML entry for openssh - 10.3 sshd in base vulnerable Message-ID: <586BA308.8060402@quip.cz> Date: Tue, 3 Jan 2017 14:11:36 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:42.0) Gecko/20100101 Firefox/42.0 SeaMonkey/2.39 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jan 2017 13:18:04 -0000 Security entries for base are in VuXML for some time so we are checking it periodically. Now we have an alert for base sshd in 10.3-p14 and -15 too. # pkg audit FreeBSD-10.3_15 FreeBSD-10.3_15 is vulnerable: openssh -- multiple vulnerabilities CVE: CVE-2016-10010 CVE: CVE-2016-10009 WWW: https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html 1 problem(s) in the installed packages found. But there is no advisory on https://www.freebsd.org/security/advisories.html for this problem. Is it false alarm? Or did I missed something? Miroslav Lachman From owner-freebsd-security@freebsd.org Fri Jan 6 15:36:51 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22270CA2286 for ; Fri, 6 Jan 2017 15:36:51 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DC2B81A5A for ; Fri, 6 Jan 2017 15:36:50 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id B256428473 for ; Fri, 6 Jan 2017 16:36:48 +0100 (CET) Received: from illbsd.quip.test (ip-86-49-16-209.net.upcbroadband.cz [86.49.16.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id B00CF2846F for ; Fri, 6 Jan 2017 16:36:47 +0100 (CET) Subject: Re: VuXML entry for openssh - 10.3 sshd in base vulnerable To: freebsd security References: <586BA308.8060402@quip.cz> From: Miroslav Lachman <000.fbsd@quip.cz> Message-ID: <586FB98F.2050500@quip.cz> Date: Fri, 6 Jan 2017 16:36:47 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:42.0) Gecko/20100101 Firefox/42.0 SeaMonkey/2.39 MIME-Version: 1.0 In-Reply-To: <586BA308.8060402@quip.cz> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jan 2017 15:36:51 -0000 Miroslav Lachman wrote on 2017/01/03 14:11: > Security entries for base are in VuXML for some time so we are checking > it periodically. Now we have an alert for base sshd in 10.3-p14 and -15 > too. > > # pkg audit FreeBSD-10.3_15 > FreeBSD-10.3_15 is vulnerable: > openssh -- multiple vulnerabilities > CVE: CVE-2016-10010 > CVE: CVE-2016-10009 > WWW: > https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html > > 1 problem(s) in the installed packages found. > > > But there is no advisory on > https://www.freebsd.org/security/advisories.html for this problem. > > Is it false alarm? Or did I missed something? 3 days without reply... Please, can somebody from FreeBSD team clarify if sshd in base is vulnerable or not? Kind regards Miroslav Lachman