Re: Open-SSH server

2023-06-11 Thread Dimitri John Ledkov
On Sat, 10 Jun 2023, 19:39 Matthew Wilson wrote:

> Hi there,
>
>
>
> Do you have an update as to when the repository for Ubuntu 22.04.2 package
> Open-SSH will be upgraded from 8.9 to 9.3 to patch the security issues as
> it means our server is currently non-compliant.
>

Non-compliant with what exactly? 9.3 is available in the current
development release mantic. Note that 8.9 and 9.3 are major new upstream
releases of openssh with new features and bugfixes, and are not an indication
of security vulnerabilities. When vulnerabilities arise, Ubuntu issues a USN
and a distribution patch update addressing the vulnerability alone without
upgrading to a new major version. See https://ubuntu.com/security/notices

In jammy we have shipped an Ubuntu patch level update to address a poll()
issue. No other severe bugs or vulnerabilities are currently known in
openssh. If you can disclose a currently non-public vulnerability affecting
openssh 8.9 through 9.3 you can do so by contacting the Ubuntu Security
disclosure team at secur...@ubuntu.com or opening a private security bug
report on launchpad against the distribution Ubuntu package openssh.

PS. Please do not use HTML signatures, especially those that contain ads,
when contacting public mailing lists of open source projects as that is
considered off topic. You should be able to configure a different signature
when emailing mailing lists, or manually turn it off during compose in your
email client.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Re: Open-SSH server

2023-06-10 Thread Robie Basak
[dropping Debian Cc as Debian isn't involved in security updates to
Ubuntu]

On Fri, Jun 09, 2023 at 11:54:24AM +, Matthew Wilson wrote:
> Do you have an update as to when the repository for Ubuntu 22.04.2
> package Open-SSH will be upgraded from 8.9 to 9.3 to patch the
> security issues as it means our server is currently non-compliant.

It most likely won't be.

"Ubuntu, like most other Linux distros, releases security updates by
patching specific issues rather than updating whole versions of
software." (https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions)

If you are interested in the security patching status of a specific
vulnerability and know the CVE number of that vulnerability, you can
look it up here: https://ubuntu.com/security/cves



Re: Open-SSH server

2023-06-10 Thread Jeffrey Walton
On Sat, Jun 10, 2023 at 2:39 PM Matthew Wilson wrote:

> Hi there,
>
>
>
> Do you have an update as to when the repository for Ubuntu 22.04.2 package
> Open-SSH will be upgraded from 8.9 to 9.3 to patch the security issues as
> it means our server is currently non-compliant.
>
>
>
> Kind Regards,
>

Is this a real question or a new way to distribute spam?

You can read about Ubuntu's patch policy at
https://wiki.ubuntu.com/StableReleaseUpdates .

Debian has similar policies and procedures, but Ubuntu's takes precedence
because of Canonical's administration of the distro.

Jeff