Re: SSH vulnerability
Hi
I have checked the source code and I can confirm that the code pointed to by
https://security-tracker.debian.org/tracker/CVE-2024-6387
as "introduced with"
(https://github.com/openssh/openssh-portable/commit/752250caabda3dd24635503c4cd689b32a650794)
is not in the source, and therefore must have been introduced later.
Cheers
// Ola
On Mon, 1 Jul 2024 at 11:33, Marc SCHAEFER <schaefer@alphanet.ch> wrote:
>
> Hello,
>
> Regarding https://security-tracker.debian.org/tracker/CVE-2024-6387
> I guess *buster* is not affected either, because it did not
> integrate the patchset from 2020?
>
> I ask this even if buster LTS support stopped ... yesterday.
>
> I still have one server (upgrading today) which has a fully
> accessible SSH server on buster (actually it will be stopped
> during the upgrade, and then bullseye is marked non-vulnerable).
>
> But still, this is a big potential vulnerability, so maybe communicating
> on it should be a good idea.
>
> Have a nice day.
>
--
--- Inguza Technology AB --- MSc in Information Technology ----
| ola@inguza.com opal@debian.org |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
---------------------------------------------------------------