Date: Wed, 2 Nov 2016 13:57:17 GMT From: Martin Simmons <martin@lispworks.com> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh Message-ID: <201611021357.uA2DvHMW003088@higson.cam.lispworks.com> In-Reply-To: <20161102075533.8BBA114B5@freefall.freebsd.org> (message from FreeBSD Security Advisories on Wed, 2 Nov 2016 07:55:33 %2B0000 (UTC)) References: <20161102075533.8BBA114B5@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Wed, 2 Nov 2016 07:55:33 +0000 (UTC), FreeBSD Security Advisories said: > > ============================================================================= > FreeBSD-SA-16:33.openssh Security Advisory > The FreeBSD Project > > Topic: OpenSSH Remote Denial of Service vulnerability > > Category: contrib > Module: OpenSSH > Announced: 2016-11-02 > Affects: All supported versions of FreeBSD. > Corrected: 2016-11-02 06:56:35 UTC (stable/11, 11.0-STABLE) > 2016-11-02 07:23:19 UTC (releng/11.0, 11.0-RELEASE-p3) > 2016-11-02 06:58:47 UTC (stable/10, 10.3-STABLE) > 2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12) > CVE Name: CVE-2016-8858 Should this be corrected in 10.1-RELEASE as well? I ask because Debian (https://security-tracker.debian.org/tracker/CVE-2016-8858) has marked it as vulnerable in OpenSSH 6.0 and OpenSSH 6.7 and it looks like 10.1-RELEASE contains OpenSSH 6.6, which I assume is also vulnerable. __Martin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611021357.uA2DvHMW003088>