Re: [d-security] Re: ssh vulnerability in the wild



On Tue, Sep 16, 2003 at 05:31:06PM +0200, Christian Hammers wrote:
> The new version has already been installed. This was quick. Good work,
> security team.
> 
>  openssh (1:3.4p1-1.1) stable-security; urgency=high
> 
>   * NMU by the security team.
>   * Merge patch from OpenBSD to fix a security problem in buffer handling
> 
>  -- Wichert Akkerman <wakkerma@debian.org>  Tue, 16 Sep 2003 13:06:31 +0200

According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
the only not vulnerable version as 3.7.1. In my mind, that means the ssh
version on security.debian.org right now is _STILL_ vulnerable. I'm not
a security expert, nor do I have time to actually see if that's true,
so, I'm asking the list if anyone can confirm/deny that.

-- 
Regards
Birzan George Cristian
