Re: git: 66a620a734b4 - main - security/vuxml: Document OpenSSH vulnerability

In reply to: Bernard Spil : "git: 66a620a734b4 - main - security/vuxml: Document OpenSSH vulnerability"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Craig Leres <leres_at_freebsd.org>
Date: Mon, 01 Jul 2024 16:46:59 UTC

On 7/1/24 03:55, Bernard Spil wrote:
> The branch main has been updated by brnrd:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=66a620a734b489596452f342224330207c6e23b1
> 
> commit 66a620a734b489596452f342224330207c6e23b1
> Author:     Bernard Spil <brnrd@FreeBSD.org>
> AuthorDate: 2024-07-01 10:55:32 +0000
> Commit:     Bernard Spil <brnrd@FreeBSD.org>
> CommitDate: 2024-07-01 10:55:32 +0000
> 
>      security/vuxml: Document OpenSSH vulnerability
> ---
>   security/openssh-portable/Makefile                 | 13 +++++---
>   .../openssh-portable/files/patch-CVE-2024-6387     | 36 ++++++++++++++++++++++
>   security/vuxml/vuln/2024.xml                       | 26 ++++++++++++++++
>   3 files changed, 71 insertions(+), 4 deletions(-)
> 

> +	<name>openssh-portable</name>
> +	<range><lt>9.7_1,1</lt></range>

I think should be 9.7.p1_1,1 (my systems still report as vulnerable 
after installing)

		Craig

fun 28 # pkg info | fgrep openssh
openssh-portable-9.7.p1_1,1    The portable version of OpenBSD's OpenSSH
fun 29 # pkg audit -qF -f /var/db/pkg/vuln.xml
openssh-portable-9.7.p1_1,1