[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (fwd) OpenSSH trojan!

I wanna make it clear.

We are using OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0,
OpenSSL 0x0090603f

and we installed the ssh from the deb packages using
apt-get install utility.

I wonder if there is any risk on this stable version of OpenSSH (Debian)
undependent from openbsd's source tarball?

if there is, how can i fix it with the real stable one?


On Fri, 2 Aug 2002, Vincent Hanquez wrote:

> On Fri, Aug 02, 2002 at 03:36:53PM +0200, Florian Weimer wrote:
> > Vincent Hanquez <tab@crans.org> writes:
> > 
> > > as the others said, no.
> > > only Openbsd source package has been trojaned
> > 
> > No, both 3.4p1 and 3.2.2p1 (portable versions) have been changed, too.
> sorry i've forget a word. I was speaking of Openbsd's ftp.
> -- 
> Tab
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: