RE: Vulnerable SSH versions
Thanks.
I've been keeping it up to date weekly or so, but just to be sure I
changed the sources.list to be "... potato/..." instead of "...
stable/..." for when "stable" changes.
Even a blank-disk install of Woody wasn't straight forward. The kernel
in the distribution tar file was 2.2.xx, changing to 2.4.9 was a bitch,
and it's already up to 2.4.12 or .14... I wonder if the tar file has
been changed to reflect the new kernel realities?
Curt-
-----Original Message-----
From: Ethan Benson [mailto:erbenson@alaska.net]
Sent: Tuesday, November 13, 2001 09:15
To: debian-security@lists.debian.org
Subject: Re: Vulnerable SSH versions
On Tue, Nov 13, 2001 at 09:02:56AM +0900, Howland, Curtis wrote:
> A quick question concerning such things...
>
> I have a remote server that I do not trust myself to upgrade from
> Potato(e) to Woody, and such vulnerabilities do worry me a little. Is
> there any general expectation that such "back porting" will continue
> once Woody is released?
when potato was released security updates for slink were discontinued
two monthes later. since potato is going to be even more fosselized
then slink was by the time woody is released i would expect a similar
timeframe (that and potato only has 6(?) architectures woody will have
something like 12 or more).
expect to have two months to upgrade your potato boxes before being on
your own in regards to security updates.
--
Ethan Benson
http://www.alaska.net/~erbenson/
Reply to: