Re: SSH

To: debian-security@lists.debian.org
Subject: Re: SSH
From: Jose Luis Domingo Lopez <debian-security@24x7linux.com>
Date: Tue, 17 Dec 2002 02:02:11 +0100
Message-id: <20021217010211.GA3929@localhost>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <200212170842.03717.pahud@ezplay.tv>
References: <20021216225215.GA5610@zionlth.org> <20021216232417.GA9640@jazzman> <200212170842.03717.pahud@ezplay.tv>

On Tuesday, 17 December 2002, at 08:42:03 +0800,
Patrick Hsieh wrote:

> Woody is shipping OpenSSH_3.4p1. Before the security team confirm this 
> vulnerability and release the upgrade package, is there any way to patch and 
> repackage the woody openssh? I just can't find the patch against this 
> vulnerability.
> 
When updated packages are not available as soon as I consider necessary,
I use to download the first SRPM (or whatever) package appears from one
vendor including the patch, locating it (in the .spec file it should be
the last "Patch"), and applying it to the Debian deb-src for the
package, and then repackaging it with "dpkg-buildpackage".

Maybe this is not the most elegant way to solve the problem, but hope it
works ok, and is reasonable easy. Just done it tonight with fetchmail
and the recently discovered root remote exploit, awaiting for a version
6.2.0 packaged for unstable :-)

Regards.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Woody (Linux 2.4.20-xfs)

Reply to:

References:
- SSH
  - From: Phillip Hofmeister <plhofmei@zionlth.org>
- Re: SSH
  - From: Edward Guldemond <thedebategod@yifan.net>
- Re: SSH
  - From: Patrick Hsieh <pahud@ezplay.tv>

Prev by Date: Re: SSH
Next by Date: Re: smtp-auth
Previous by thread: Re: SSH
Next by thread: Re: SSH
Index(es):
- Date
- Thread