[Bug 271839] crypto/openssh: Status of CVE-2023-28531

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 271839] crypto/openssh: Status of CVE-2023-28531"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 271839] crypto/openssh: Status of CVE-2023-28531"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 05 Jun 2023 12:28:58 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271839

            Bug ID: 271839
           Summary: crypto/openssh: Status of CVE-2023-28531
           Product: Base System
           Version: 12.4-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: pascal.bryner@hostpoint.ch

Since 03/17/2023 a critical vulnerability in openssh 8.9 up to 9.2 has been
reported:
https://www.openwall.com/lists/oss-security/2023/03/15/8

OpenSSH versions prior to 9.3 are susceptible to a vulnerability which when
successfully exploited could lead to disclosure of sensitive information,
addition or modification of data, or Denial of Service (DoS).

How is the status of this security-flaw?
According to https://nvd.nist.gov/vuln/detail/CVE-2023-28531 it has been rated
as 9.8/critical

-- 
You are receiving this mail because:
You are the assignee for the bug.