Re: SSH

To: debian-security@lists.debian.org
Subject: Re: SSH
From: Scott Bigham <dsb@killerbunnies.org>
Date: Fri, 9 Feb 2001 11:08:56 -0500 (EST)
Message-id: <Pine.LNX.4.20.0102091101070.3409-100000@firewall>
In-reply-to: <20010209153509.B14141@westend.com>

On Feb 9, 2001, Christian Hammers wrote:

> The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb

What worries me is, the version of ssh on my machine is listed as:

ii  ssh            2.1.1p4-2      Secure rlogin/rsh/rcp replacement (OpenSSH)

which doesn't correspond to either the 2.3.0p1-1.11 package in unstable
or the 1.2.3-9.1 package in stable and testing -- or, for that matter,
to the 1.2.3-9 version that (IIRC) was listed as the vulnerable version
in the alert.  And even with security.debian.org in my sources.list,
'apt-get update; apt-get install ssh' insists that I have the latest
version.  Am I vulnerable?  If so, what do I need to upgrade to, and
how?

						-sbigham

Reply to:

References:
- Re: SSH
  - From: Christian Hammers <ch@westend.com>

Prev by Date: Re: SSH
Next by Date: RE: SSH
Previous by thread: Re: SSH
Next by thread: Re: SSH
Index(es):
- Date
- Thread