[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH



On Tue, Dec 17, 2002 at 08:42:03AM +0800, Patrick Hsieh wrote:
> Woody is shipping OpenSSH_3.4p1. Before the security team confirm this 
> vulnerability and release the upgrade package, is there any way to patch and 
> repackage the woody openssh? I just can't find the patch against this 
> vulnerability.

Why would you want to?  The advisory indicates that it is unlikely (for
whatever that's worth) that any OpenSSH version are vulnerable at all.
3.5 certainly doesn't fix nonexistant problems, so I don't see any
reason to view this advisory as a reason to upgrade.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpGZYBD0xuOv.pgp
Description: PGP signature


Reply to: