Is the security breech also present in openssh of wheezy-backports (openssh-server 1:6.6p1-4~bpo70+1, I guess yes because 1.6.0 and 1.6.7 are affected)?
Is wheezy-backports in generally supported or not by the LTS Team? Thank you for your quick answer! Regards, Adrian. On 26.07.16 23:24, Ola Lundqvist wrote: > Hi OpenSSH Maintainers and LTS team > > I have prepared a security update of openssh for wheezy. > > For more information about the issue solved see here: > https://security-tracker.debian.org/tracker/CVE-2016-6210 > I have applied the same patch as in sid and it applied fine, except that > I had to change a call to a clear memory function to a loop instead. ...or > This function is not available in wheezy. > > You can find the debdiff here: > http://apt.inguza.net/wheezy-security/openssh/CVE-2016-6210.debdiff > > You can also find the packages that I intend to upload here: > http://apt.inguza.net/wheezy-security/openssh/ > > I have regression tested and I could login still, and use the client too. > I could not reproduce the problem good enough to tell for sure that they > are solved. However they should be solved just as good as in sid and jessie. > > If no-one objects I will upload this package in four days, that is on > Saturday. > > Best regards > > // Ola
