Both 10.1 and 10.2 are going to be unsupported by the end of this year, that's probably the reason the fix was not included in them.
https://www.freebsd.org/security/#sup -Kimmo On Wed, Nov 2, 2016 at 3:57 PM, Martin Simmons <mar...@lispworks.com> wrote: >>>>>> On Wed, 2 Nov 2016 07:55:33 +0000 (UTC), FreeBSD Security Advisories >>>>>> said: >> >> ============================================================================= >> FreeBSD-SA-16:33.openssh Security Advisory >> The FreeBSD Project >> >> Topic: OpenSSH Remote Denial of Service vulnerability >> >> Category: contrib >> Module: OpenSSH >> Announced: 2016-11-02 >> Affects: All supported versions of FreeBSD. >> Corrected: 2016-11-02 06:56:35 UTC (stable/11, 11.0-STABLE) >> 2016-11-02 07:23:19 UTC (releng/11.0, 11.0-RELEASE-p3) >> 2016-11-02 06:58:47 UTC (stable/10, 10.3-STABLE) >> 2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12) >> CVE Name: CVE-2016-8858 > > Should this be corrected in 10.1-RELEASE as well? > > I ask because Debian > (https://security-tracker.debian.org/tracker/CVE-2016-8858) has marked it as > vulnerable in OpenSSH 6.0 and OpenSSH 6.7 and it looks like 10.1-RELEASE > contains OpenSSH 6.6, which I assume is also vulnerable. > > __Martin > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org" _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
