Date: Fri, 4 Nov 2016 09:08:10 +0000 From: Vladimir Terziev <Vladimir.Terziev@bwinparty.com> To: Gregory Orange <gregory.orange@calorieking.com> Cc: "<freebsd-security@freebsd.org>" <freebsd-security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh Message-ID: <97DEB29F-E625-4A74-9E1A-BC2A220DCF5A@bwinparty.com> In-Reply-To: <79b7122f-3b1a-377f-42bf-bd2851c5e6ae@calorieking.com> References: <20161102075533.8BBA114B5@freefall.freebsd.org> <201611021357.uA2DvHMW003088@higson.cam.lispworks.com> <CA%2B7WWSc%2B_Jjf%2BStVb2n367%2B7YSCw-RnGMTbT4nbaE88d_n57%2Bg@mail.gmail.com> <b8dcb2aa-4149-89ad-e519-8ce68922d0a8@FreeBSD.org> <24ff198d-9bd2-9842-50d8-8a1d5e2ecf8a@FreeBSD.org> <79b7122f-3b1a-377f-42bf-bd2851c5e6ae@calorieking.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, if you look at the advisory, it states "Affects: All supported versi= ons of FreeBSD.", while in the "Corrected" section 10.1 & 10.2 are missing. They are still supported, so the fix for them must be developed or they mus= t be listed as not affected, if that's the case. Regards, Vladimir On Nov 4, 2016, at 11:01 AM, Gregory Orange <gregory.orange@calorieking.com= > wrote: > On 04/11/16 16:39, Kubilay Kocak wrote: >> Security advisories should state explicitly when otherwise supported >> versions are not vulnerable. It's surprising this isn't already the case= . > I disagree. If none of the version I have installed are listed, I don't r= ead the rest of the advisory. Time saved. Listing them in a 'not affected' = part of the message would add complexity and parsing for me - less time sav= ed. >=20 > Greg. > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97DEB29F-E625-4A74-9E1A-BC2A220DCF5A>