Re: ssh vulernability
On Fri, Oct 19, 2001 at 03:26:18PM -0800, Ethan Benson wrote:
> On Fri, Oct 19, 2001 at 06:06:34PM -0400, firstname.lastname@example.org wrote:
> > Has debian released a new ssh dpkg yet?
If this is about the buffer overflow exploit that's supposed to be
going around now, wasn't this fixed in the following:
openssh (1:1.2.3-9.2) stable; urgency=high
* Non-maintainer upload by Security Team
* Added backported fix for a buffer overflow (thanks to Piotr
* Added modified build dependencies from unstable for convenience
* Added patch that fixes an rsa key exchange problem made public by CORE
-- Martin Schulze <email@example.com> Thu, 8 Feb 2001 22:15:04 +0100
If it's a different exploit entirely, please ignore.
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- firstname.lastname@example.org