[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of openssh for wheezy

Is the security breech also present in openssh of wheezy-backports
(openssh-server 1:6.6p1-4~bpo70+1, I guess yes because 1.6.0 and 1.6.7
are affected)?

Is wheezy-backports in generally supported or not by the LTS Team?

Thank you for your quick answer!

Regards, Adrian.

On 26.07.16 23:24, Ola Lundqvist wrote:
> Hi OpenSSH Maintainers and LTS team
> I have prepared a security update of openssh for wheezy.
> For more information about the issue solved see here:
> https://security-tracker.debian.org/tracker/CVE-2016-6210
> I have applied the same patch as in sid and it applied fine, except that
> I had to change a call to a clear memory function to a loop instead. ...or 
> This function is not available in wheezy.
> You can find the debdiff here:
> http://apt.inguza.net/wheezy-security/openssh/CVE-2016-6210.debdiff
> You can also find the packages that I intend to upload here:
> http://apt.inguza.net/wheezy-security/openssh/
> I have regression tested and I could login still, and use the client too.
> I could not reproduce the problem good enough to tell for sure that they
> are solved. However they should be solved just as good as in sid and jessie.
> If no-one objects I will upload this package in four days, that is on
> Saturday.
> Best regards
> // Ola

Reply to: