Re: openssh packages not vulnerable

To: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Cc: Paul Baker <pbaker@where2getit.com>, <debian-security@lists.debian.org>
Subject: Re: openssh packages not vulnerable
From: John Galt <galt@inconnu.isu.edu>
Date: Thu, 27 Jun 2002 03:33:35 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.4.44.0206270332360.5070-100000@inconnu.isu.edu>
Mail-followup-to: galt@inconnu.isu.edu
In-reply-to: <[🔎] 87lm91137y.fsf@CERT.Uni-Stuttgart.DE>

Note that Potato users actually BECAME vulnerable by installing this 
"security fix".

On Thu, 27 Jun 2002, Florian Weimer wrote:

>Paul Baker <pbaker@where2getit.com> writes:
>
>> So as it turns out, AFAIK, none of the versions of OpenSSH in Debian
>> were actually vulnerable to the exploit found by ISS and reported in
>> DSA-134
>
>The 3.3p1 packages are vulnerable in some configurations. :-(
>
>

-- 
 Customer:  "I'm running Windows '98"      Tech: "Yes."      Customer:
   "My computer isn't working now."     Tech: "Yes, you said that."

Who is John Galt?  galt@inconnu.isu.edu, that's who!


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: openssh packages not vulnerable
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>

Prev by Date: Re: openssh packages not vulnerable
Next by Date: Re: OpenSSH vuln: BSD only?
Previous by thread: Re: openssh packages not vulnerable
Next by thread: FW: ISS Advisory: OpenSSH Remote Challenge Vulnerability
Index(es):
- Date
- Thread