RE: SSH
Scott-
It seems to me you have the OPENSSH implementation of SSH. The SSH that is
being talked about in this thread is the "commercial" version of SSH.
Distinct difference :)
Henrik
---
Henrik Hudson
Microsoft: "Where would you like to go to today"
Linux: "Where would you like to go tomorrow"
FreeBSD: "Hey, when are you guys going to catch up"
> -----Original Message-----
> From: Scott Bigham [mailto:dsb@killerbunnies.org]
> Sent: Friday, February 09, 2001 10:09
> To: debian-security@lists.debian.org
> Subject: Re: SSH
>
>
> On Feb 9, 2001, Christian Hammers wrote:
>
> > The ssh package at non-us.debian.org is
> ssh_2.3.0p1-1.11_i386.deb
>
> What worries me is, the version of ssh on my machine is listed as:
>
> ii ssh 2.1.1p4-2 Secure rlogin/rsh/rcp
> replacement (OpenSSH)
>
> which doesn't correspond to either the 2.3.0p1-1.11
> package in unstable
> or the 1.2.3-9.1 package in stable and testing -- or, for
> that matter,
> to the 1.2.3-9 version that (IIRC) was listed as the
> vulnerable version
> in the alert. And even with security.debian.org in my
> sources.list,
> 'apt-get update; apt-get install ssh' insists that I have
> the latest
> version. Am I vulnerable? If so, what do I need to
> upgrade to, and
> how?
>
> -sbigham
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
Reply to: