Hello,

Regarding https://security-tracker.debian.org/tracker/CVE-2024-6387
I guess *buster* is not affected either, because it did not
integrate the patchset from 2020?

I ask this even if buster LTS support stopped ... yesterday.

I still have one server (upgrading today) which has a fully
accessible SSH server on buster (actually it will be stopped
during the upgrade, and then bullseye is marked non-vulnerable).

But still, this is a big potential vulnerability, so maybe communicating
on it should be a good idea.

Have a nice day.

Reply via email to