On Mon, Sep 26, 2016 at 02:52:00PM +0000, Stephan Beck wrote: > Hi Lisi,
> If you look at the second line of the terminal output I reproduced, you > find that the openssl component in use within the package openssh Debian > Jessie is one step behind. "Standalone" OpenSSL package is now at > version 1.0.1t-1+deb8u5 since September 23. > > > me@mymachine:~/.ssh$ ssh -vv me@theremoteserver > > OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 > Yeah there was a Debian security advisory last week with a security patch for OpenSSL. I thought the fix was already in place, certainly I got an update for OpenSSH when I updated on Sunday. Does anyone know what upstream version contains the fixes natively? I'm wondering if my other non-Jessie (and non-Debian) systems need an update too... Mark
