Date:      Fri, 30 Nov 2018 13:40:58 +0000
From:      "Chisholm, Rick" <rick.chisholm@hubinternational.com>
To:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   OpenSSH CVE-2018-15473
Message-ID:  <0054FFE9E041FC4EB2D50A99E26B120A9F8AB5@EDCV-XHG-TNP01.hub.local>

Date: Fri, 30 Nov 2018 15:47:07 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Subject: Re: Interim support guarantee for FreeBSD 12
Message-ID: <nycvar.OFS.7.76.444.1811301534170.21448@mx.roble.com>

FYI re potential cuts to STABLE long-term support.  Does this affect the
RELEASE branch as well?  Anyone know where this is being discussed?  The
announcement mentions community feedback but that seems unlikely given
there has been no mention of it on the freebsd-security list.

Roger Marquis


>Date: Wed, 28 Nov 2018 11:04:48 -0400
>From: FreeBSD Core Team Secretary <core-secretary@FreeBSD.org>
>To: freebsd-announce@freebsd.org
>Subject: [FreeBSD-Announce] Interim support guarantee for FreeBSD 12
>
>Dear FreeBSD community,
>
>The Core Team, in consultation with Release Engineering, the Security
>Team, and Port Manager has decided that we need to reevaluate the 5-year
>support of stable branches starting with stable/12.  A changed security
>landscape, increased toolchain velocity, and shorter support windows for
>our upstream components necessitate this reevaluation.
>
>We will be leading discussions on updating our support model, with the
>goal of making the model sustainable for the Project.  These
>discussions, which will include opportunities for community feedback,
>will be complete by March 31, 2019.
>
>Regardless of the outcome of the discussions, we guarantee support for
>the stable/12 branch for at least 18 months, or at least 6 months after
>13.0 is released, whichever is later.  Again, these are minimum
>durations for the stable/12 branch support and they will not be reduced.
>
>After these discussions are complete, there will be a revised statement
>about the stable/12 branch lifetime.
>
>Release Engineering, the Security Team, Port Manager, and the Core Team


