On Sat, 10 Jun 2023, 19:39 Matthew Wilson, <matthew.wil...@agrigem.co.uk> wrote:
> Hi there, > > > > Do you have an update as to when the repository for Ubuntu 22.04.2 package > Open-SSH will be upgraded from 8.9 to 9.3 to patch the security issues as > it means our server is currently non-compliant. > Non complaint with what exactly? 9.3 is available in the current development release mantic. Note that 8.9 and 9.3 are major new upstream releases of openssh with new features and bugfixes. And are not indication of security vulnerabilities. When vulnerabilities arise, Ubuntu issues USN and a distribution patch update addressing vulnerability alone without upgrading to new major version. See https://ubuntu.com/security/notices In jammy we have shipped a Ubuntu patch level update to address a poll() issue. No other severe bugs or vulnerabilities are currently known in openssh. If you can disclose a currently non public vulnerability affecting openssh 8.9 through 9.3 you can do so by contacting Ubuntu Security desclosure team at secur...@ubuntu.com or opening an private security bug report on launchpad against distribution Ubuntu package openssh. Ps. Please do not use html signatures, especially those that contains ads, when contacting public mailing lists of opensource projects as that is considered off topic. You should be able to configure a different signature when emailing mailing lists, or manually turn it off during compose in your email client. -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss >
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss