Date: Wed, 05 Dec 2018 14:27:23 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 233801] FreeBSD 11.x vulnerability in OpenSSH Message-ID: <bug-233801-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233801 Bug ID: 233801 Summary: FreeBSD 11.x vulnerability in OpenSSH Product: Base System Version: 11.2-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: i.dani@outlook.com https://nvd.nist.gov/vuln/detail/CVE-2017-15906 - Has not been fixed in Fre= eBSD 11.x Is there a special reason for this or was it forgotten?=20 These are the mentioned lines: https://svnweb.freebsd.org/base/releng/11.2/crypto/openssh/sftp-server.c?vi= ew=3Dmarkup#l694 A fix is availible (and has been released with v7.6 - so FBSD 12 isn't vulnerable) - see:=20 =20=20 https://github.com/vmware/photon/blob/master/SPECS/openssh/openssh-CVE-2017= -15906.patch or from OpenBSD:=20 =20=20 https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00= a19 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-233801-227>