Re: Critical: ssh-nonfree IS exploited

To: Adrian Bunk <bunk@fs.tum.de>
Cc: Wichert Akkerman <wichert@wiggy.net>, debian-devel@lists.debian.org, <security@debian.org>
Subject: Re: Critical: ssh-nonfree IS exploited
From: ucko@debian.org (Aaron M. Ucko)
Date: 11 Nov 2001 12:13:33 -0500
Message-id: <[🔎] udlhes1nsci.fsf@multics.mit.edu>
In-reply-to: <[🔎] Pine.NEB.4.40.0111111639020.6238-100000@mimas.fachschaften.tu-muenchen.de>
References: <[🔎] Pine.NEB.4.40.0111111639020.6238-100000@mimas.fachschaften.tu-muenchen.de>

Adrian Bunk <bunk@fs.tum.de> writes:

> On Sun, 11 Nov 2001, Wichert Akkerman wrote:
> 
> >...
> > > Sice there is no security alert and since it is onliy fixed in 1.2.27-6.2 or
> > > -7 we should warn our users explicitely. Especially sice it is not contained
> > > within potato.
> >
> > non-free is not technically part of Debian potato.
> 
> You might be technically correct but IMHO the security of users running
> Debian is more important. (and after looking at [1] I see that this
> wouldn't be the first advisory for a non-free package)

Indeed; hasn't Netscape gotten a few? ;-)  Could somebody on the
security team please do something with 1.2.27-6.2, which has been
sitting in proposed-updates for days?  (Only for i386, granted, but
that's because I don't have anything else; the source should build
just fine on the other potato platforms.)

-- 
Aaron M. Ucko, KB1CJC <amu@mit.edu> (finger amu@monk.mit.edu)

Reply to:

Follow-Ups:
- Re: Critical: ssh-nonfree IS exploited
  - From: Martin Schulze <joey@finlandia.infodrom.north.de>

References:
- Re: Critical: ssh-nonfree IS exploited
  - From: Adrian Bunk <bunk@fs.tum.de>

Prev by Date: Invitación
Next by Date: Bug#119145: ITP: ickle -- Yet another ICQ Client that supports the new ICQ2000 protocol
Previous by thread: Re: Critical: ssh-nonfree IS exploited
Next by thread: Re: Critical: ssh-nonfree IS exploited
Index(es):
- Date
- Thread