Re: openssh packages not vulnerable

To: Paul Baker <pbaker@where2getit.com>
Cc: debian-security@lists.debian.org
Subject: Re: openssh packages not vulnerable
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Thu, 27 Jun 2002 11:27:13 +0200
Message-id: <[🔎] 87lm91137y.fsf@CERT.Uni-Stuttgart.DE>
In-reply-to: <[🔎] DAAC5C7D-893B-11D6-8A0B-0003937562B8@where2getit.com> (Paul Baker's message of "Wed, 26 Jun 2002 14:35:21 -0500")
References: <[🔎] DAAC5C7D-893B-11D6-8A0B-0003937562B8@where2getit.com>

Paul Baker <pbaker@where2getit.com> writes:

> So as it turns out, AFAIK, none of the versions of OpenSSH in Debian
> were actually vulnerable to the exploit found by ISS and reported in
> DSA-134

The 3.3p1 packages are vulnerable in some configurations. :-(

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: openssh packages not vulnerable
  - From: John Galt <galt@inconnu.isu.edu>

References:
- openssh packages not vulnerable
  - From: Paul Baker <pbaker@where2getit.com>

Prev by Date: Re: OpenSSH vuln: BSD only?
Next by Date: Re: openssh packages not vulnerable
Previous by thread: Re: openssh packages not vulnerable
Next by thread: Re: openssh packages not vulnerable
Index(es):
- Date
- Thread