Re: Which ssh should I have?

[Ville Uski <frtvu@fy.chalmers.se>]

* Ted Cabeen <ted@impulse.net> [011107 18:11]:
> Make sure that you have the security site in your
> /etc/apt/sources.list file.  If you do, and apt-get update; apt-get
> upgrade says you're up to date, then you're fine.  In general, the
> security team patches the current version to fix security bugs in
> stable rather than upgrade to a newer version.  That could be
> confusing your sysadmin.  The CRC bug was patched in debian as of ssh
> version 1.2.3-9.2.  You can look at the changelog in
> /usr/share/doc/ssh/changelog.Debian.gz for specific information.

Thanks for info. Yes, I have that line in my sources.list, and I also
believe I am fine. Our network admin used the nessus ssh plugin to scan
the network.  He only says that nessus gives a warning about my computer
(concerning the crc bug) and knows nothing more. He uses debian himself
but with openssh 2.9p. In his case nessus doesn't complain.