If there is a fixed version of a product listed in an advisory, then the fix was made regardless of the identified base OpenSSH version. Upgrading the product to avoid a scanner hit will result in max...If there is a fixed version of a product listed in an advisory, then the fix was made regardless of the identified base OpenSSH version. Upgrading the product to avoid a scanner hit will result in maximum effort for short-term gain since OpenSSH will continue to have vulnerabilities discovered. The resulting report lists potential vulnerabilities for follow-up, showing that vulnerable versions of code may be in use but should not be considered a report of exploitable issues.
