Ubuntu has issued an advisory on January 22: https://usn.ubuntu.com/usn/usn-3538-1/ They backported fixes for CVE-2016-10009 and CVE-2016-10011 to OpenSSH (for Ubuntu 14.04). We hadn't been able to backport these fixes ourselves before. These are minor issues and we don't need to issue an update for just these, but we can add Ubuntu's patches in SVN and save them for any future updates (if there are any).
Patches from Ubuntu added in Mageia 5 SVN.
Status comment: (none) => Fix checked into SVN
SUSE has issued an advisory for CVE-2016-10708 today (July 19): http://lists.suse.com/pipermail/sle-security-updates/2018-July/004283.html The SUSE bug has a link to the upstream commit that fixed the issue (in 7.4): https://bugzilla.suse.com/show_bug.cgi?id=1076957
openSUSE has issued an advisory for CVE-2016-10708 on July 28: https://lists.opensuse.org/opensuse-updates/2018-07/msg00086.html
One more fix to include: http://openwall.com/lists/oss-security/2018/08/15/5
(In reply to David Walser from comment #4) > One more fix to include: > http://openwall.com/lists/oss-security/2018/08/15/5 This is CVE-2018-15473: http://openwall.com/lists/oss-security/2018/08/17/8
The limited support Mga5 continued to have after its official EOL has ended, so closing this bug as OLD.
Status: NEW => RESOLVEDResolution: (none) => OLDCC: (none) => marja11