On Mon, 14 Mar 2016, abhi dhiman wrote: > Hi All, > > Please direct me to the code changes for above vulnerabilities. > We don't have a vendor but we use Openssh in our software. So can't upgrade > it right now. OpenSSH is maintained by a small team who only have the resources to support the current version. If you need to generate cherry-pick patches then you'll either need to do it yourself or find a competent developer to do it for you. Finding them yourself isn't too hard: checkout the version containing the fix from git and look at the commit log. Security vulnerabilities usually preciptate a release quite quickly, so it will like be one of the last commits in the log. Do be careful: people have caused problem by mis-applying cherry-pick patches inappropriately before. It's much better just to use the latest version. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
