Re: Security update of openssh for wheezy
Is the security breech also present in openssh of wheezy-backports
(openssh-server 1:6.6p1-4~bpo70+1, I guess yes because 1.6.0 and 1.6.7
are affected)?
Is wheezy-backports in generally supported or not by the LTS Team?
Thank you for your quick answer!
Regards, Adrian.
On 26.07.16 23:24, Ola Lundqvist wrote:
> Hi OpenSSH Maintainers and LTS team
>
> I have prepared a security update of openssh for wheezy.
>
> For more information about the issue solved see here:
> https://security-tracker.debian.org/tracker/CVE-2016-6210
> I have applied the same patch as in sid and it applied fine, except that
> I had to change a call to a clear memory function to a loop instead. ...or
> This function is not available in wheezy.
>
> You can find the debdiff here:
> http://apt.inguza.net/wheezy-security/openssh/CVE-2016-6210.debdiff
>
> You can also find the packages that I intend to upload here:
> http://apt.inguza.net/wheezy-security/openssh/
>
> I have regression tested and I could login still, and use the client too.
> I could not reproduce the problem good enough to tell for sure that they
> are solved. However they should be solved just as good as in sid and jessie.
>
> If no-one objects I will upload this package in four days, that is on
> Saturday.
>
> Best regards
>
> // Ola
Reply to: