On Fri, 2023-07-28 at 10:46 +1200, Tom Isaacson wrote:
> I'm a Yocto noob so apologies if this is an obvious question.
>
> I was just checking our usage of OpenSSH because of
> https://www.cvedetails.com/cve/CVE-2023-38408/ and it appears:
> 1. We're using a vulnerable version (9.3p1 on main, 8.9p1 on
>    Kirkstone/LTS)
> 2. The ForwardAgent feature is enabled by default
>    (https://git.yoctoproject.org/poky/tree/meta/recipes-connectivity/openssh/openssh/ssh_config)
>
> There doesn't seem to be a bug for this yet
> (https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=openssh).
>
> So what's the process? Is this already being worked on somewhere or
> should I upgrade the version? If the latter should I do this on
> Kirkstone (which is what we're using) then main?
>

Usually, the version should be upgraded in master and only the fix
backported in kirkstone.

Thanks,
Anuj
