We failed a PCI-DSS compliance test because the version of OpenSSH for 11.3 doesn't have the fix for CVE-2011-0539. In fact, there hasn't been any update to OpenSSH for 11.3 since Jun 2010.

I can see that the fix is in the version in factory. The change log has:

- Update to 5.8p1
  * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski.

which looks like the fix for CVE-2011-0539.

Two questions:

1/ Is there any reason why this fix hasn't been ported to 11.3?
2/ Any reason why I might have problems taking the factory source and building it for myself?

Paul

--
Paul Reeves