[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Feb 9, 2001, Christian Hammers wrote:

> The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb

What worries me is, the version of ssh on my machine is listed as:

ii  ssh            2.1.1p4-2      Secure rlogin/rsh/rcp replacement (OpenSSH)

which doesn't correspond to either the 2.3.0p1-1.11 package in unstable
or the 1.2.3-9.1 package in stable and testing -- or, for that matter,
to the 1.2.3-9 version that (IIRC) was listed as the vulnerable version
in the alert.  And even with security.debian.org in my sources.list,
'apt-get update; apt-get install ssh' insists that I have the latest
version.  Am I vulnerable?  If so, what do I need to upgrade to, and


Reply to: