On 2017-01-27 15:35, Harald Dunkel wrote: Hi Harald, > openVAS still doesn't know about the fixes in Debian's package. > It complains about > > CVE-2016-6515 > CVE-2015-6564, CVE-2015-6563, CVE-2015-5600 > CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012 > CVE-2015-8325 > > AFAICT the 2016 issues are not fixed in Jessie's openssh. Here is the current state of openssh (also including on jessie): jessie ... 11 tracked issues open wheezy ... 10 tracked issues open stretch... 0 sid ... 0 For jessie there are an additional of 4 tracked issues open, but they are marked unimportant. https://security-tracker.debian.org/tracker/source-package/openssh JFYI, as the debian security tracker is not that widely known. gebi
Attachment:
signature.asc
Description: OpenPGP digital signature