Re: OSVDB 72183

To: Karl Schmidt <karl@xtronics.com>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: OSVDB 72183
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 09 Apr 2013 19:23:14 +0100
Message-id: <[🔎] 1365531794.19973.6.camel@jacala.jungle.funky-badger.org>
In-reply-to: <[🔎] 51645854.4030205@xtronics.com>
References: <[🔎] 51645854.4030205@xtronics.com>

On Tue, 2013-04-09 at 13:05 -0500, Karl Schmidt wrote:
> I'm getting flagged for http://osvdb.org/72183 On Debian Stable - can't find where this has been 
> addressed?

"Flagged" by what? Following the links from that URL leads to
http://www.openssh.com/txt/portable-keysign-rand-helper.adv , which
quite clearly says:

	2. Affected configurations

        Portable OpenSSH prior to version 5.8p2 only on platforms
        that are configured to use ssh-rand-helper for entropy
        collection.
[...]
	Platforms that support /dev/random or otherwise
        configure OpenSSL with a random number provider are not
        vulnerable.

        In particular, *BSD, OS X, Cygwin and Linux are not
        affected.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: OSVDB 72183
  - From: Michael Gilbert <mgilbert@debian.org>

References:
- OSVDB 72183
  - From: Karl Schmidt <karl@xtronics.com>

Prev by Date: OSVDB 72183
Next by Date: Re: OSVDB 72183
Previous by thread: OSVDB 72183
Next by thread: Re: OSVDB 72183
Index(es):
- Date
- Thread