>>>>> On Wed, 2 Nov 2016 07:55:33 +0000 (UTC), FreeBSD Security Advisories >>>>> said: > > ============================================================================= > FreeBSD-SA-16:33.openssh Security Advisory > The FreeBSD Project > > Topic: OpenSSH Remote Denial of Service vulnerability > > Category: contrib > Module: OpenSSH > Announced: 2016-11-02 > Affects: All supported versions of FreeBSD. > Corrected: 2016-11-02 06:56:35 UTC (stable/11, 11.0-STABLE) > 2016-11-02 07:23:19 UTC (releng/11.0, 11.0-RELEASE-p3) > 2016-11-02 06:58:47 UTC (stable/10, 10.3-STABLE) > 2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12) > CVE Name: CVE-2016-8858
Should this be corrected in 10.1-RELEASE as well? I ask because Debian (https://security-tracker.debian.org/tracker/CVE-2016-8858) has marked it as vulnerable in OpenSSH 6.0 and OpenSSH 6.7 and it looks like 10.1-RELEASE contains OpenSSH 6.6, which I assume is also vulnerable. __Martin _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
