Date: Fri, 4 Nov 2016 09:08:10 +0000 From: Vladimir Terziev <Vladimir.Terziev@bwinparty.com> To: Gregory Orange <gregory.orange@calorieking.com> Cc: "<freebsd-security@freebsd.org>" <freebsd-security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh Message-ID: <97DEB29F-E625-4A74-9E1A-BC2A220DCF5A@bwinparty.com> In-Reply-To: <79b7122f-3b1a-377f-42bf-bd2851c5e6ae@calorieking.com> References: <20161102075533.8BBA114B5@freefall.freebsd.org> <201611021357.uA2DvHMW003088@higson.cam.lispworks.com> <CA%2B7WWSc%2B_Jjf%2BStVb2n367%2B7YSCw-RnGMTbT4nbaE88d_n57%2Bg@mail.gmail.com> <b8dcb2aa-4149-89ad-e519-8ce68922d0a8@FreeBSD.org> <24ff198d-9bd2-9842-50d8-8a1d5e2ecf8a@FreeBSD.org> <79b7122f-3b1a-377f-42bf-bd2851c5e6ae@calorieking.com>
index | next in thread | previous in thread | raw e-mail
Hi, if you look at the advisory, it states "Affects: All supported versions of FreeBSD.", while in the "Corrected" section 10.1 & 10.2 are missing. They are still supported, so the fix for them must be developed or they must be listed as not affected, if that's the case. Regards, Vladimir On Nov 4, 2016, at 11:01 AM, Gregory Orange <gregory.orange@calorieking.com> wrote: > On 04/11/16 16:39, Kubilay Kocak wrote: >> Security advisories should state explicitly when otherwise supported >> versions are not vulnerable. It's surprising this isn't already the case. > I disagree. If none of the version I have installed are listed, I don't read the rest of the advisory. Time saved. Listing them in a 'not affected' part of the message would add complexity and parsing for me - less time saved. > > Greg. > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97DEB29F-E625-4A74-9E1A-BC2A220DCF5A>