** Changed in: openssh (Ubuntu)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1863447

Title:
  openssh outdated by 8.2

Status in openssh package in Ubuntu:
  Fix Committed

Bug description:
  Hi,

  yeah, it's not yet a bug, but it will become a (security) bug within
  lifetime of 20.04 if not 'fixed'.

  Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream
  the version 8.2 has just been released:

  https://lists.mindrot.org/pipermail/openssh-unix-
  announce/2020-February/000138.html

  It comes with important security updates, e.g. not accepting SHA-1 for
  key generation/signature anymore, and using FIDO2/U2F-tokens as a
  second factor. Especially the latter significantly improves security
  and helps against stealing keys and hijacking machines.

  It would be important (and nice) to have these improvements of
  security in Ubuntu 20.04.

  
  It might not yet be seen as a security vulnerability, but it will probably 
become one soon. 

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to