
Re: openssh_7.2p2+ availability for wheezy

On 27/07/2017 15:53, Thorsten Glaser wrote:

> On Thu, 27 Jul 2017, Adam Weremczuk wrote:
>
>> These are the vulnerabilities I'm referring to and they have been addressed in
>> OpenSSH versions 6.6 and 7.2p2:
>
> That’s *upstream* version numbers. As Roberto said, the LTS team
> will take those changes (and *only* those security-related fixes),
> backport them to the old wheezy version and upload that regularly
> to the wheezy-security suite.
>
> So, just use these packages. They bear an old *upstream* version
> number and lack the new *upstream* features, but they have all
> the security fixes backported.

Hi Thorsten,

Are you saying that if I:
- add
deb http://ftp.debian.org/debian wheezy-backports main
to /etc/apt/sources.list
- apt-get update
- apt-get upgrade openssh-server

I will have all security patches (ever implemented for openssh-server for any Debian distro) despite the version still reporting as 1:6.0p1-4+deb7u6?

How do I hard prove it and convince the external company flagging it on our server?

Does their flagging mean they don't know how Debian security patching works?
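
One way to collect evidence for the question above, as an added example that is not part of the original message: Debian security uploads conventionally name the CVEs they fix in the package changelog, so this sketch maps each CVE ID to the changelog stanza that mentions it. The CVE IDs, the deb7u5 stanza and the changelog text are constructed placeholders, and `cve_evidence` and `sample_changelog` are hypothetical helper names; on a real host the input would be the package's own `changelog.Debian.gz`.

```shell
#!/bin/sh
# Map CVE IDs to the package version whose Debian changelog stanza mentions them.
# On a real host (assumption: the package ships the standard Debian changelog):
#   zcat /usr/share/doc/openssh-server/changelog.Debian.gz | cve_evidence CVE-...
cve_evidence() {
    # stdin: changelog text; arguments: CVE IDs to look for
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, ids, " ") }
        # Stanza header: "package (version) suite; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ {
            ver = $2; gsub(/[()]/, "", ver); next
        }
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                # Changelog is newest-first, so the last write is the oldest mention.
                fixed[id] = ver
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END {
            for (i = 1; i <= n; i++)
                print ids[i], ((ids[i] in fixed) ? "mentioned-in " fixed[ids[i]] : "not-mentioned")
        }'
}

# Constructed sample input, NOT the real openssh changelog.
sample_changelog() {
    cat <<'EOF'
openssh (1:6.0p1-4+deb7u6) wheezy-security; urgency=high

  * Constructed entry: backport fix for CVE-0000-0002.

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

openssh (1:6.0p1-4+deb7u5) wheezy-security; urgency=high

  * Constructed entry: backport fix for CVE-0000-0001.

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}

sample_changelog | cve_evidence CVE-0000-0001 CVE-0000-0002 CVE-0000-0003
```

A `not-mentioned` result means only that the changelog does not name that CVE; the Debian security tracker entry for the CVE is the other place to check before concluding anything.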

