Security.html is out of date.
Chris High
highc at us.ibm.com
Wed May 9 02:09:52 EST 2007
Openssh team;
It has come to my attention that the information at:
http://www.openssh.org/security.html
does not include any security issues for openssh beyond 3.7. While I do
appreciate that the the security information is highlighted at release
publication, eg:
http://lists.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
many folks are going to go to the main site, see the "security" link,
follow it; and not realize this page has not been kept up to date. I
strongly encourage that either the security page be updated to reflect the
security issues; or it be updated to reflect this:
:quote"
For openssh releases after 3.7, please subscribe to: openssh-unix-announce
which will highlight security fixes contained in the release.
"unquote:
If you would like to have the html needed to highlight all security
advisory items indicated in the various "openssh-unix-announce" notes, I
would be happy to send the HTML to you if provided a point to place the
document or email to send it to. The HTML I would provide includes a
bullet for each security item and for security items corrected since 3.7, a
link to the annonuce note, and a link to the corresponding CVE for those
newer items.
Thanks -
Chris
More information about the openssh-unix-dev
mailing list