Re: Critical: ssh-nonfree IS exploited
Adrian Bunk <bunk@fs.tum.de> writes:
> On Sun, 11 Nov 2001, Wichert Akkerman wrote:
>
> >...
> > > Sice there is no security alert and since it is onliy fixed in 1.2.27-6.2 or
> > > -7 we should warn our users explicitely. Especially sice it is not contained
> > > within potato.
> >
> > non-free is not technically part of Debian potato.
>
> You might be technically correct but IMHO the security of users running
> Debian is more important. (and after looking at [1] I see that this
> wouldn't be the first advisory for a non-free package)
Indeed; hasn't Netscape gotten a few? ;-) Could somebody on the
security team please do something with 1.2.27-6.2, which has been
sitting in proposed-updates for days? (Only for i386, granted, but
that's because I don't have anything else; the source should build
just fine on the other potato platforms.)
--
Aaron M. Ucko, KB1CJC <amu@mit.edu> (finger amu@monk.mit.edu)
Reply to: