Re: openssh backport 4 Jessie?

To: debian-backports@lists.debian.org
Subject: Re: openssh backport 4 Jessie?
From: Michael Gebetsroither <michael@mgeb.org>
Date: Fri, 27 Jan 2017 16:30:41 +0100
Message-id: <[🔎] e9e4c029-8f99-b33c-558c-b73031e50e50@mgeb.org>
In-reply-to: <[🔎] 3246fea9-39f3-d957-37c6-184c5cd56c65@aixigo.de>
References: <[🔎] 52c3af26-f54c-98a9-f34d-04da3f7acdd7@aixigo.de> <[🔎] 6978623.kt9cL6DjWf@timo01.72b.tiwe.de> <[🔎] 3246fea9-39f3-d957-37c6-184c5cd56c65@aixigo.de>

On 2017-01-27 15:35, Harald Dunkel wrote:
Hi Harald,

> openVAS still doesn't know about the fixes in Debian's package.
> It complains about
> 
> 	CVE-2016-6515
> 	CVE-2015-6564, CVE-2015-6563, CVE-2015-5600
> 	CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
> 	CVE-2015-8325
> 
> AFAICT the 2016 issues are not fixed in Jessie's openssh.

Here is the current state of openssh (also including on jessie):
jessie ... 11 tracked issues open
wheezy ... 10 tracked issues open
stretch...  0
sid    ...  0

For jessie there are an additional of 4 tracked issues open, but they
are marked unimportant.

https://security-tracker.debian.org/tracker/source-package/openssh
JFYI, as the debian security tracker is not that widely known.

gebi

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- openssh backport 4 Jessie?
  - From: Harald Dunkel <harald.dunkel@aixigo.de>
- Re: openssh backport 4 Jessie?
  - From: Timo Weingärtner <timo@tiwe.de>
- Re: openssh backport 4 Jessie?
  - From: Harald Dunkel <harald.dunkel@aixigo.de>

Prev by Date: Re: openssh backport 4 Jessie?
Next by Date: Re: broken dependency for sssd in Wheezy's backports
Previous by thread: Re: openssh backport 4 Jessie?
Next by thread: Broken dependency for dovecot-antispam in jessie-backports
Index(es):
- Date
- Thread