Both 10.1 and 10.2 are going to be unsupported by the end of this
year, that's probably the reason the fix was not included in them.
https://www.freebsd.org/security/#sup
-Kimmo
On Wed, Nov 2, 2016 at 3:57 PM, Martin Simmons <martin at lispworks.com>
wrote:>>>>>> On Wed, 2 Nov 2016 07:55:33 +0000 (UTC), FreeBSD
Security Advisories said:
>>
>>
============================================================================>>
FreeBSD-SA-16:33.openssh Security Advisory
>> The FreeBSD
Project
>>
>> Topic: OpenSSH Remote Denial of Service vulnerability
>>
>> Category: contrib
>> Module: OpenSSH
>> Announced: 2016-11-02
>> Affects: All supported versions of FreeBSD.
>> Corrected: 2016-11-02 06:56:35 UTC (stable/11, 11.0-STABLE)
>> 2016-11-02 07:23:19 UTC (releng/11.0, 11.0-RELEASE-p3)
>> 2016-11-02 06:58:47 UTC (stable/10, 10.3-STABLE)
>> 2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12)
>> CVE Name: CVE-2016-8858
>
> Should this be corrected in 10.1-RELEASE as well?
>
> I ask because Debian
> (https://security-tracker.debian.org/tracker/CVE-2016-8858) has marked it
as
> vulnerable in OpenSSH 6.0 and OpenSSH 6.7 and it looks like 10.1-RELEASE
> contains OpenSSH 6.6, which I assume is also vulnerable.
>
> __Martin
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org"