Re: openssh packages not vulnerable
Paul Baker <pbaker@where2getit.com> writes:
> So as it turns out, AFAIK, none of the versions of OpenSSH in Debian
> were actually vulnerable to the exploit found by ISS and reported in
> DSA-134
The 3.3p1 packages are vulnerable in some configurations. :-(
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: