Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Nov 2016 11:41:01 +0200
From:      Kimmo Paasiala <kpaasial@gmail.com>
To:        Martin Simmons <martin@lispworks.com>
Cc:        freebsd-security <freebsd-security@freebsd.org>
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
Message-ID:  <CA%2B7WWSc%2B_Jjf%2BStVb2n367%2B7YSCw-RnGMTbT4nbaE88d_n57%2Bg@mail.gmail.com>
In-Reply-To: <201611021357.uA2DvHMW003088@higson.cam.lispworks.com>
References:  <20161102075533.8BBA114B5@freefall.freebsd.org> <201611021357.uA2DvHMW003088@higson.cam.lispworks.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Both 10.1 and 10.2 are going to be unsupported by the end of this
year, that's probably the reason the fix was not included in them.

https://www.freebsd.org/security/#sup

-Kimmo

On Wed, Nov 2, 2016 at 3:57 PM, Martin Simmons <martin@lispworks.com> wrote:
>>>>>> On Wed,  2 Nov 2016 07:55:33 +0000 (UTC), FreeBSD Security Advisories said:
>>
>> =============================================================================
>> FreeBSD-SA-16:33.openssh                                    Security Advisory
>>                                                           The FreeBSD Project
>>
>> Topic:          OpenSSH Remote Denial of Service vulnerability
>>
>> Category:       contrib
>> Module:         OpenSSH
>> Announced:      2016-11-02
>> Affects:        All supported versions of FreeBSD.
>> Corrected:      2016-11-02 06:56:35 UTC (stable/11, 11.0-STABLE)
>>                 2016-11-02 07:23:19 UTC (releng/11.0, 11.0-RELEASE-p3)
>>                 2016-11-02 06:58:47 UTC (stable/10, 10.3-STABLE)
>>                 2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12)
>> CVE Name:       CVE-2016-8858
>
> Should this be corrected in 10.1-RELEASE as well?
>
> I ask because Debian
> (https://security-tracker.debian.org/tracker/CVE-2016-8858) has marked it as
> vulnerable in OpenSSH 6.0 and OpenSSH 6.7 and it looks like 10.1-RELEASE
> contains OpenSSH 6.6, which I assume is also vulnerable.
>
> __Martin
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2B7WWSc%2B_Jjf%2BStVb2n367%2B7YSCw-RnGMTbT4nbaE88d_n57%2Bg>