Re: openssh packages not vulnerable

To: debian-security@lists.debian.org
Subject: Re: openssh packages not vulnerable
From: Richard <ricv@denhaag.org>
Date: Wed, 26 Jun 2002 22:50:03 +0200 (MEST)
Message-id: <[🔎] Pine.LNX.4.21.0206262246220.6641-100000@gatekeeper.jane.org>
In-reply-to: <[🔎] DAAC5C7D-893B-11D6-8A0B-0003937562B8@where2getit.com>

On Wed, 26 Jun 2002, Paul Baker wrote:

> I'm curious what recourse Debian is planning to take now? Perhaps 
> removing the buggy OpenSSH 3.3 packages off of security.debian.org so 
> people don't upgrade to it since it's not at all necessary and it will 
> only cause problems like screwing up compression and pam.

Even worse, on 2.0.x kernels "PrivilegeSeparation" doesn't work,
rendinging sshd useless for interactive sessions or make it vurneble is
you disable it. 

[RicV]

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: openssh packages not vulnerable
  - From: Paul Baker <pbaker@where2getit.com>

References:
- openssh packages not vulnerable
  - From: Paul Baker <pbaker@where2getit.com>

Prev by Date: Re: unsubscribe
Next by Date: Re: openssh packages not vulnerable
Previous by thread: Re: openssh packages not vulnerable
Next by thread: Re: openssh packages not vulnerable
Index(es):
- Date
- Thread