From: Vladimir Terziev
To: Gregory Orange
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
Date: Fri, 4 Nov 2016 09:08:10 +0000

Hi,

if you look at the advisory, it states "Affects: All supported versions of FreeBSD.", while in the "Corrected" section 10.1 & 10.2 are missing.

They are still supported, so the fix for them must be developed or they must be listed as not affected, if that's the case.

Regards,
Vladimir

On Nov 4, 2016, at 11:01 AM, Gregory Orange wrote:

> On 04/11/16 16:39, Kubilay Kocak wrote:
>> Security advisories should state explicitly when otherwise supported
>> versions are not vulnerable. It's surprising this isn't already the case.
> I disagree. If none of the versions I have installed are listed, I don't read the rest of the advisory. Time saved. Listing them in a 'not affected' part of the message would add complexity and parsing for me - less time saved.
>
> Greg.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"