The issue was originally reported to us as affecting OpenSSH 6.8+
(reference: RedHat bugtracker
https://bugzilla.redhat.com/show_bug.cgi?id=1384860), and therefore
9.3, 10.1 and 10.2 were not believed to be affected, so the "Affects:
All supported versions of FreeBSD" was a mistake in the original
On Fri, Nov 04, 2016 at 04:03:04PM +, org.freebsd.secur...@io7m.com wrote:
> Hello.
>
> Are there any plans to provide PGP signatures on base.txz, kernel.txz,
> and friends? Right now, the only (apparent) way to obtain them is via
> http://ftp.freebsd.org over unsecured HTTP (the HTTPS certifi
Hello.
Are there any plans to provide PGP signatures on base.txz, kernel.txz,
and friends? Right now, the only (apparent) way to obtain them is via
http://ftp.freebsd.org over unsecured HTTP (the HTTPS certificate is
misconfigured; it's for download.freebsd.org) and no signature files are
provided
Hi,
if you look at the advisory, it states "Affects:All supported versions
of FreeBSD.", while in the "Corrected" section 10.1 & 10.2 are missing.
They are still supported, so the fix for them must be developed or they must be
listed as not affected, if that's the case.
Regards,
Vlad
On 04/11/16 16:39, Kubilay Kocak wrote:
Security advisories should state explicitly when otherwise supported
versions are not vulnerable. It's surprising this isn't already the case.
I disagree. If none of the version I have installed are listed, I don't
read the rest of the advisory. Time saved
On 3/11/2016 9:36 PM, Matthew Seaman wrote:
> On 2016/11/03 09:41, Kimmo Paasiala wrote:
>> Both 10.1 and 10.2 are going to be unsupported by the end of this
>> year, that's probably the reason the fix was not included in them.
>>
>> https://www.freebsd.org/security/#sup
>>
>
> Yes, but 10.1 an
