Re: Woody ssh exploit
I'm running woody but I have security.debian.org stable in my
apt sources.list file:
deb http://ftp.debian.org/debian woody main contrib non-free
deb http://non-us.debian.org woody/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
deb http://spidermonkey.helixcode.com/distributions/debian woody main
As a result "dpkg -s ssh" yields:
Status: install ok installed
Maintainer: Philip Hands <email@example.com>
And "zcat /usr/share/doc/ssh/changelog.Debian.gz | head" yields:
openssh (1:1.2.3-9.2) stable; urgency=high
* Non-maintainer upload by Security Team
* Added backported fix for a buffer overflow (thanks to Piotr
* Added modified build dependencies from unstable for convenience
* Added patch that fixes an rsa key exchange problem made public by CORE
which is the fixed version mentioned in the security alert.
Am I missing something here? I thought the security fix was
Quoting Richard (firstname.lastname@example.org):
> On Thu, 22 Feb 2001, Micah Anderson wrote:
> > Potato has a fix at
> > http://www.debian.org/security/2001/dsa-027
> > So how do we fix this on a woody machine?
> You could build it from the source pkg's.
> put some deb-src lines in y'r /etc/apt/sources.list
> apt-get (-b) source xxxx
> btw. howdo these 'Build-Depends' work?
> I alway find myself fetching, building, install additional pkgs by hand.