Re: [SECURITY] [DSA 119-1] ssh channel bug

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 119-1] ssh channel bug
From: John Reinke <jmreinke@falcon.cc.ku.edu>
Date: Sat, 9 Mar 2002 00:29:27 -0600 (CST)
Message-id: <[🔎] Pine.OSF.4.10.10203090022090.1069-100000@falcon.cc.ku.edu>
In-reply-to: <E16jR5A-0000IS-00@pandora.debian.org>

On Fri, 8 Mar 2002, Michael Stone wrote:

> Since Debian 2.2 (potato) shipped with OpenSSH (the "ssh" package)
> version 1.2.3, it is not vulnerable to this exploit. No fix is required
> for Debian 2.2 (potato).

According to the alert above, potato's version of OpenSSH is previous to
the ones concerned. On my plain potato box, I get:

$ ssh -V
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).

I don't see version 1.2.3, but a 2x version. Can anyone explain why I
shouldn't be concerned?

John

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 119-1] ssh channel bug
  - From: NN_il_Confusionario <pinkof.pallus@tiscalinet.it>

Prev by Date: Re: ssh channel bug and woody update
Next by Date: Re: [SECURITY] [DSA 119-1] ssh channel bug
Previous by thread: Re: ssh channel bug and woody update
Next by thread: Re: [SECURITY] [DSA 119-1] ssh channel bug
Index(es):
- Date
- Thread