Hi, Thanks for commenting on this issue.
We have rated CVE-2016-10009 as a low-priority issue because an attacker would need to control both the forwarded agent socket and write access to the filesystem of the host running the agent, an unlikely scenario. Other Linux distributions have also rated it similarly and have not rolled out updates to fix the issue. That being said, we will be including the fix in our next round of OpenSSH security updates once a more important issue comes up. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1732172 Title: [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04 Status in openssh package in Ubuntu: Incomplete Bug description: Does anyone know when the following OpenSSH venerabilities will be patched on Ubuntu 14.04 CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-8858 As these are coming up repeatedly on or security scans To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1732172/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
