From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenSSH client bug CVE-2016-0777
Date: Sun, 17 Jan 2016 19:16:15 +0000
Message-ID: <1453058175.5665.110.camel@ipfire.org>
In-Reply-To: <569B6B61.7050905@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5489389420020962578=="
List-Id: <development.lists.ipfire.org>

--===============5489389420020962578==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hi,

On Sun, 2016-01-17 at 11:22 +0100, Matthias Fischer wrote:
> Hi Michael,
> 
> On 14.01.2016 18:56, Michael Tremer wrote:
> > could you please update OpenSSH to the latest version to fix the
> > latest
> > security bugs:
> > 
> >    http://www.undeadly.org/cgi?action=article&sid=20160114142733
> > 
> > It should not be anything difficult, but should be patched in
> > IPFire
> > today if we can.
> 
> Since there was no further feedback on this and because I don't know 
> exactly, when the next update will be ready (or if the patch came too
> late?):

Nah the patch is alright. Also merged.

> Would it make sense, if I offer an update on the list - to those
> which 
> are interested in testing it - the same way as 'dnsmasq 2.75'?

An update to what? Like binary? Probably not because we want to have a
defined state of the machines. So when people install Core Update X, we
should be sure that there is actually the full set of software
installed and running.

> 
> Its running without seen problems here since 15.01.2016 / ~6pm. ;-)
> 
> Package is at the usual place:
> http://people.ipfire.org/~mfischer/openssh-7.1p2-for-ipfire.tar.gz
> MD5: 6b8d0a7abd429014a942bad6371f2cf4
> 
> Best,
> Matthias

-Michael

P.S. Don't forget to CC the list.

--===============5489389420020962578==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC
Q2dBR0JRSldtK2gvQUFvSkVJQjU4UDl2a0FrSEd2MFFBSXY5eEcwQXlBWUZic3J6VyszMGFvekwK
Z0NVRHo2YjBnYnozbzZLdHVQWGVMa0toTzE3dTNJb3ZJb0wzanZNTldNaGtPUGJNeE0yRlBRcXQw
UFdMMUltUApXMzJKQUhMN1FWbkJJbHBBNlBLMkpGQVlvelpzd29xQVYrRjk5a3hlMGI3Y2lhMGFM
WFNxVUVLVS9xZVZxZ0hvClR0V0JFQmZ5RHFTTjE0ODkrR0c0L0t3amtrQW4wZUxKVkw4M00wMTEw
QTdtdG5pTXpuUVZ2SllJY0FDOHhlOUEKWHFjSEtoZFpPMFpHYk13NFE1SU82cmE1KzQvYVU5MzRo
R0pDVHV6ZFRhd2Fkdm0zQ3VrNVZzYUVSRmtMQ2lQZAovbG13OWh6R2Q4bkdFcmVzWDNKUm03MkZt
SWd4S3duMFZ6c1ZmTE5UZzRkMHRQK0FhaGJDS01xRGFPZFF0dGxvCkE5aG1uZ2MvZXpwdnArcWtL
NzZ3L3RDaUV5WkpLaGtXZ2tRcktmSEdGUmF1dnJFWFh4NURCb0k0MDBrOXlqNGoKMko0MzJvcC9H
UGpFam1ZQnhmQnp3N2g5YmhpeXdzT2ZKeDQrbE1wMFA1WXp2NEdtdmM0WXpNUGdIKzlROGhodgo1
b3MrV0Z5SVFYc1JJNDhINWV0YVR1S25IN1FGN2dHcmo1NnVXa05hamN1WFBNRFlwNXQ1em53Z2xB
L0tqOG1aCkFHamFuQnpUcGNwYjRHaXdCSkRnaTZxYlF6NmZVdVFuLzRjcW12UjZqTUtDNDdrV0Vr
K3pYdUhDS09idUt4aXoKTWRTRHM2dnoxaDc1R1QweGRnbklXb3BhTGZqeTJQK3hTN1BnQWZ6clZo
dDVwY0VKZEk2bUQxeXozMWx3MmlUVwpPbDl6enVoaEVnMVhNZm0rWkMwWAo9U1Q5MQotLS0tLUVO
RCBQR1AgU0lHTkFUVVJFLS0tLS0K

--===============5489389420020962578==--