Re: Woody ssh exploit
Hi,
I'm running woody but I have security.debian.org stable in my
apt sources.list file:
deb http://ftp.debian.org/debian woody main contrib non-free
deb http://non-us.debian.org woody/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
deb http://spidermonkey.helixcode.com/distributions/debian woody main
As a result "dpkg -s ssh" yields:
Package: ssh
Status: install ok installed
Priority: optional
Section: non-US/main
Installed-Size: 503
Maintainer: Philip Hands <phil@hands.com>
Source: openssh
Version: 1:1.2.3-9.2
...
And "zcat /usr/share/doc/ssh/changelog.Debian.gz | head" yields:
openssh (1:1.2.3-9.2) stable; urgency=high
* Non-maintainer upload by Security Team
* Added backported fix for a buffer overflow (thanks to Piotr
Roszatycki)
* Added modified build dependencies from unstable for convenience
* Added patch that fixes an rsa key exchange problem made public by CORE
SDI.
which is the fixed version mentioned in the security alert.
Am I missing something here? I thought the security fix was
installed.
Stuart
Quoting Richard (ricv@denhaag.org):
>
>
> On Thu, 22 Feb 2001, Micah Anderson wrote:
>
> > Potato has a fix at
> > http://www.debian.org/security/2001/dsa-027
> >
> > So how do we fix this on a woody machine?
> You could build it from the source pkg's.
>
> put some deb-src lines in y'r /etc/apt/sources.list
> apt-get (-b) source xxxx
> btw. howdo these 'Build-Depends' work?
> I alway find myself fetching, building, install additional pkgs by hand.
> [RicV]
>
>
Reply to: