rapier1 / hpn-ssh

HPN-SSH based on OpenSSH
https://psc.edu/hpn-ssh-home

[Security Issue] hpn-ssh seems to be vulnerable to a critical threat, CVE-2024-6387 #87

Closed IceCodeNew closed 3 months ago

IceCodeNew commented 3 months ago

The latest release of hpn-ssh was based on OpenSSH 9.7, which is vulnerable to the regression of CVE-2006-5051, according to the report.

Though I think it is worth raising concern about this problem, I hope I did not interfere with the normal process of development.

rapier1 commented 3 months ago

We've just been made aware of this but we already had started work on porting to 9.8. I hope to have a release ready by the end of the day but that may slip until tomorrow.

IceCodeNew commented 3 months ago

Glad to hear about it. I should not bother to ask ;=) Appreciate the quick response 👍👍👍

rapier1 commented 3 months ago

We've had to change plans and we have backported the fix from 9.8 to the 9.7 code base. This is available in master with the tag hpn-18.4.2.

The 9.8 port is taking longer than expected - especially with the packages. We thought this was the best move forward at this time. We will get to 9.8 as soon as we can but the US holiday will delay things.

IceCodeNew commented 3 months ago

The Debian packages seem to have missed the release. Would you mind taking a look at it?

rapier1 commented 3 months ago

I didn't have a chance to get to those yesterday. I will be getting those in place in about an hour. My apologies for the delay.

rapier1 commented 3 months ago

Debian packages should now be available from https://download.opensuse.org/repositories/home:/rapier1

Functional Ubuntu packages should also be available from the launchpad PPA.

IceCodeNew commented 3 months ago

The patched version is confirmed to be available on Debian 12, Rocky Linux 9.4, Fedora 40, & Ubuntu 22.04 ;-)