Thanks a lot guys for the pointers.

Regards
Abhishek

On 14-Mar-2016 11:30 pm, "Philip Hands" <phil@xxxxxxxxx> wrote:

> abhi dhiman <abhi.dhiman83@xxxxxxxxx> writes:
>
> > Hi All,
> >
> > Actually I am working with the OpenSSH version 6.2p which is vulnerable to
> > above mentioned vulnerabilities.
>
> Are you sure?
>
> I was going to suggest that you take a look at Debian's packages, such
> as the 6.0p1 package from "wheezy", but looking at the changelog, I only
> see mention of CVE-2008-1483:
>
>   http://metadata.ftp-master.debian.org/changelogs/main/o/openssh/openssh_6.0p1-4+deb7u3_changelog
>
> Likewise for 6.6p1:
>
>   http://metadata.ftp-master.debian.org/changelogs/main/o/openssh/openssh_6.6p1-4~bpo70+1_changelog
>
> Note that CVE-2008-1483 was fixed in Debian's 4.7p1-5 package, in 22 Mar
> 2008, so I'm wondering who would have supplied a vulnerable version of
> 6.2p (released in 2012).
>
> It looks to me as though it was fixed in 4.9, so I'm very doubtful
> about the assertion that 6.2 is vulnerable.
>
> As for CVE-2015-6565, this:
>
>   https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6565
>
> claims that versions 6.8 and 6.9 are vulnerable, so again not 6.2.
>
> I'll leave you to look at the other two.
>
> Cheers, Phil.
> --
> |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
> |-| http://www.hands.com/ http://ftp.uk.debian.org/
> |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev