[Touch-packages] [Bug 1863447] Re: openssh outdated by 8.2
Ubuntu 20.04/focal was released with 8.2p1. ** Changed in: openssh (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1863447 Title: openssh outdated by 8.2 Status in openssh package in Ubuntu: Fix Released Bug description: Hi, yeah, it's not yet a bug, but it will become a (security) bug within lifetime of 20.04 if not 'fixed'. Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream the version 8.2 has just been released: https://lists.mindrot.org/pipermail/openssh-unix- announce/2020-February/000138.html It comes with important security updates, e.g. not accepting SHA-1 for key generation/signature anymore, and using FIDO2/U2F-tokens as a second factor. Especially the latter significantly improves security and helps against stealing keys and hijacking machines. It would be important (and nice) to have these improvements of security in Ubuntu 20.04. It might not yet be seen as a security vulnerability, but it will probably become one soon. Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1863447] Re: openssh outdated by 8.2
** Changed in: openssh (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1863447 Title: openssh outdated by 8.2 Status in openssh package in Ubuntu: Fix Committed Bug description: Hi, yeah, it's not yet a bug, but it will become a (security) bug within lifetime of 20.04 if not 'fixed'. Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream the version 8.2 has just been released: https://lists.mindrot.org/pipermail/openssh-unix- announce/2020-February/000138.html It comes with important security updates, e.g. not accepting SHA-1 for key generation/signature anymore, and using FIDO2/U2F-tokens as a second factor. Especially the latter significantly improves security and helps against stealing keys and hijacking machines. It would be important (and nice) to have these improvements of security in Ubuntu 20.04. It might not yet be seen as a security vulnerability, but it will probably become one soon. Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1863447] Re: openssh outdated by 8.2
I'm already working on this. ** Changed in: openssh (Ubuntu) Importance: Undecided => High ** Changed in: openssh (Ubuntu) Status: New => In Progress ** Changed in: openssh (Ubuntu) Assignee: (unassigned) => Colin Watson (cjwatson) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1863447 Title: openssh outdated by 8.2 Status in openssh package in Ubuntu: In Progress Bug description: Hi, yeah, it's not yet a bug, but it will become a (security) bug within lifetime of 20.04 if not 'fixed'. Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream the version 8.2 has just been released: https://lists.mindrot.org/pipermail/openssh-unix- announce/2020-February/000138.html It comes with important security updates, e.g. not accepting SHA-1 for key generation/signature anymore, and using FIDO2/U2F-tokens as a second factor. Especially the latter significantly improves security and helps against stealing keys and hijacking machines. It would be important (and nice) to have these improvements of security in Ubuntu 20.04. It might not yet be seen as a security vulnerability, but it will probably become one soon. Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1863447] Re: openssh outdated by 8.2
Hi Hadmut, we had the same discussion over the weekend if 8.2 would be good to have in 20.04. I subscribed cjwatson who usually does openssh updates to comment on his intentions in this regard. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1863447 Title: openssh outdated by 8.2 Status in openssh package in Ubuntu: New Bug description: Hi, yeah, it's not yet a bug, but it will become a (security) bug within lifetime of 20.04 if not 'fixed'. Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream the version 8.2 has just been released: https://lists.mindrot.org/pipermail/openssh-unix- announce/2020-February/000138.html It comes with important security updates, e.g. not accepting SHA-1 for key generation/signature anymore, and using FIDO2/U2F-tokens as a second factor. Especially the latter significantly improves security and helps against stealing keys and hijacking machines. It would be important (and nice) to have these improvements of security in Ubuntu 20.04. It might not yet be seen as a security vulnerability, but it will probably become one soon. Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1863447] Re: openssh outdated by 8.2
** Tags added: upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1863447 Title: openssh outdated by 8.2 Status in openssh package in Ubuntu: New Bug description: Hi, yeah, it's not yet a bug, but it will become a (security) bug within lifetime of 20.04 if not 'fixed'. Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream the version 8.2 has just been released: https://lists.mindrot.org/pipermail/openssh-unix- announce/2020-February/000138.html It comes with important security updates, e.g. not accepting SHA-1 for key generation/signature anymore, and using FIDO2/U2F-tokens as a second factor. Especially the latter significantly improves security and helps against stealing keys and hijacking machines. It would be important (and nice) to have these improvements of security in Ubuntu 20.04. It might not yet be seen as a security vulnerability, but it will probably become one soon. Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
