Re: (fwd) OpenSSH trojan!

To: debian-security@lists.debian.org
Subject: Re: (fwd) OpenSSH trojan!
From: Sebastien Chaumat <schaumat@libertysurf.fr>
Date: 01 Aug 2002 15:06:07 +0200
Message-id: <[🔎] 1028207167.32264.75.camel@muetdhiver>
In-reply-to: <[🔎] 20020801131659.GB22653@keitarou.bubblesworth.net>
References: <[🔎] 20020801120621.GA1506@magma.ca> <[🔎] 20020801122306.GW14326@vnl.com> <[🔎] 1028205067.32263.69.camel@muetdhiver> <[🔎] 20020801131659.GB22653@keitarou.bubblesworth.net>

Le jeu 01/08/2002 à 15:16, Paul Hampson a écrit :
> On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote:
> >  Is there any source signing mechanism available in Debian?
> 
> There is, in that the MD5 sum of the .orig.tar.gz goes into
> the .dsc file.
> 
> Not that it would affect this case, since the trojan would have
> been in the tar.gz which had it's MD5 recorded. Although it
> would only affect people who built the package anyway.
> 

 I guess in the future (see the apt-src and co threads on devel) more 
and more people will auto-build packages localy. This will become a
serious issue then.

SEb

Reply to:

Follow-Ups:
- Re: (fwd) OpenSSH trojan!
  - From: Dale Amon <amon@vnl.com>

References:
- (fwd) OpenSSH trojan!
  - From: Raymond Wood <raywood@magma.ca>
- Re: (fwd) OpenSSH trojan!
  - From: Dale Amon <amon@vnl.com>
- Re: (fwd) OpenSSH trojan!
  - From: Sebastien Chaumat <schaumat@libertysurf.fr>
- Re: (fwd) OpenSSH trojan!
  - From: Paul Hampson <Paul.Hampson@anu.edu.au>

Prev by Date: Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability
Next by Date: Re: (fwd) OpenSSH trojan!
Previous by thread: Re: (fwd) OpenSSH trojan!
Next by thread: Re: (fwd) OpenSSH trojan!
Index(es):
- Date
- Thread