On Tuesday, 17 December 2002, at 08:42:03 +0800,
Patrick Hsieh wrote:

> Woody is shipping OpenSSH_3.4p1. Before the security team confirms this
> vulnerability and releases the upgrade package, is there any way to patch and
> repackage the woody openssh? I just can't find the patch against this
> vulnerability.

When updated packages are not available as soon as I consider necessary,
I usually download the first SRPM (or whatever) package that appears from
a vendor including the patch, locate it (in the .spec file it should be
the last "Patch"), apply it to the Debian deb-src for the
package, and then repackage it with "dpkg-buildpackage".

Maybe this is not the most elegant way to solve the problem, but I hope it
works OK, and it is reasonably easy. I just did it tonight with fetchmail
and the recently discovered root remote exploit, while awaiting a version
6.2.0 packaged for unstable :-)
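
The procedure described in the reply above, as an added example that is not part of the original message: it finds the last "Patch" tag in a vendor .spec file and applies that patch to an unpacked Debian source tree only if a dry run is clean. The function names, the capitalised placeholder file names and the -p1/-p0 fallback are assumptions of this example, and it relies on GNU patch options.

```shell
#!/bin/sh
# Added example: carry a vendor's security patch into a Debian source tree.

# Print the file name given by the last "PatchN:" tag of an RPM .spec file.
# RPM macros such as %{name} in the value are printed unexpanded.
last_patch() {
    awk '
        /^[Pp]atch[0-9]*[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")    # drop the "PatchN:" tag
            sub(/[ \t\r]+$/, "")        # drop trailing blanks
            n = split($0, parts, "/")   # the value may be a URL
            last = parts[n]
        }
        END { if (last == "") exit 1; print last }
    ' "$1"
}

# Test-apply a patch to an unpacked source tree and apply it only if the
# dry run is clean. Tries -p1 then -p0, since vendors build patches differently.
apply_backport() {
    patch_file=$1
    src_dir=$2
    case $patch_file in /*) ;; *) patch_file=$PWD/$patch_file ;; esac
    for strip in 1 0; do
        if (cd "$src_dir" && patch -p"$strip" --dry-run -s -f <"$patch_file") >/dev/null 2>&1
        then
            (cd "$src_dir" && patch -p"$strip" -s <"$patch_file")
            return
        fi
    done
    echo "patch does not apply cleanly to $src_dir; port it by hand" >&2
    return 1
}

# Typical use (names in capitals are placeholders):
#   rpm2cpio VENDOR.src.rpm | cpio -idm      # unpack spec, tarball, patches
#   apt-get source PACKAGE                   # fetch and unpack the deb-src
#   apply_backport "$(last_patch PACKAGE.spec)" PACKAGE-VERSION/
#   (cd PACKAGE-VERSION && dpkg-buildpackage -rfakeroot -us -uc)
```

A failed dry run means the vendor's source differs from Debian's at that spot, so the fix has to be ported by hand before rebuilding.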


