Question about regreSShion/CVE-2024-6387

Thomas Rolfes <thomas.rolfes@dormakaba.com>

Details

Message ID: <PA4PR03MB69759F2147175EAC161B3B0BEAA92@PA4PR03MB6975.eurprd03.prod.outlook.com>
DKIM signature: missing

Hello,

in this issue it is stated that CVE-2024-6387 has already been addressed.
https://gitlab.alpinelinux.org/alpine/aports/-/issues/16298

However, in the current alpine version 3.20.2 the OpenSSH Version is still 9.7 (see below).
Will the fix only be available in the "edge" version or is it planned for one of the next patches?
-------------------------------
# cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.20.2
...

# sshd -V
OpenSSH_9.7p1, OpenSSL 3.3.1 4 Jun 2024
-------------------------------

Thanks a lot and best regards,
Thomas Rolfes

~alpine/users

Question about regreSShion/CVE-2024-6387