On Wed, Aug 3, 2011 at 4:17 PM, Vinay Nagrik <vnagrik@gmail.com> wrote:

The reason we want to do it because there are many vulnerabilities in older versions of openssh.  Few are listed below.
Have you checked these against the rh security database? I'd be willing to bet that they've all been addressed via backported security fixes.

You should probably read over
https://access.redhat.com/security/updates/backporting/?sc_cid=3093

and then search the CVE's against

http://www.redhat.com/security/data/cve/

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell