From owner-freebsd-security@freebsd.org Mon May 13 16:13:26 2019 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 484B51593CF2 for ; Mon, 13 May 2019 16:13:26 +0000 (UTC) (envelope-from security@lordcow.org) Received: from mail.lordcow.org (lordcow.org [IPv6:2c0f:fb18:402:5::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "devaux.za.net", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B1068886E9 for ; Mon, 13 May 2019 16:13:23 +0000 (UTC) (envelope-from security@lordcow.org) Received: from lordcow.org (localhost [127.0.0.1]) by mail.lordcow.org (8.15.2/8.15.2) with ESMTPS id x4DGDHdO004197 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 May 2019 18:13:17 +0200 (SAST) (envelope-from lordcow@lordcow.org) X-Authentication-Warning: lordcow.org: Host localhost [127.0.0.1] claimed to be lordcow.org Received: (from lordcow@localhost) by lordcow.org (8.15.2/8.15.2/Submit) id x4DGDBOS003919; Mon, 13 May 2019 18:13:11 +0200 (SAST) (envelope-from lordcow) Date: Mon, 13 May 2019 18:13:11 +0200 From: Gareth de Vaux To: Brett Glass Cc: FreeBSD-security@freebsd.org Subject: Re: POC and patch for the CVE-2018-15473 Message-ID: <20190513161311.GA3080@lordcow.org> References: <201905131551.JAA27159@mail.lariat.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201905131551.JAA27159@mail.lariat.net> User-Agent: Mutt/1.11.4 (2019-03-13) X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on lordcow.org X-Rspamd-Queue-Id: B1068886E9 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of security@lordcow.org designates 2c0f:fb18:402:5::2 as permitted sender) smtp.mailfrom=security@lordcow.org X-Spamd-Result: default: False [-2.18 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.95)[-0.948,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2c0f:fb18:402:5::2/64]; NEURAL_HAM_LONG(-0.99)[-0.992,0]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; DMARC_NA(0.00)[lordcow.org]; NEURAL_SPAM_SHORT(0.07)[0.074,0]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[mail.lordcow.org]; RCPT_COUNT_TWO(0.00)[2]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:37199, ipnet:2c0f:fb18::/32, country:ZA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.00)[country: ZA(-0.00)] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 May 2019 16:13:26 -0000 On Mon 2019-05-13 (09:51), Brett Glass wrote: > Is the FreeBSD port of OpenSSH 7.8 available for FreeBSD 11-STABLE > from the ports collection and as a binary package? If not, shouldn't it be? Yes, you can use the original at /usr/ports/security/openssh-portable