• @bisby
    link
    English
    216 months ago

    Except this isn’t true at all.

    https://security-tracker.debian.org/tracker/CVE-2024-6387

    Regresshion impacted bookworm and trixie both. Buster was too old.

    With the downside of me doing an apt update and seeing that openssh-server was on 1:9.2p1-2+deb12u3 and I had no idea at a glance if this included the fix or not (qualys’s page states version 8.5p1-9.8p1 were vulnerable).

    If you are running debian bookworm or trixie, you absolutely should update your openssh-server package.