[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [d-security] Re: ssh vulnerability in the wild

On 2003.09.16, Christian Hammers <ch@debian.org> wrote:
> The new version has already been installed. This was quick. Good work,
> security team.
>  openssh (1:3.4p1-1.1) stable-security; urgency=high
>   * NMU by the security team.
>   * Merge patch from OpenBSD to fix a security problem in buffer handling
>  -- Wichert Akkerman <wakkerma@debian.org>  Tue, 16 Sep 2003 13:06:31 +0200

Is 3.6.1p2-3 vulnerable?  For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand?  Or
will this security fix be applied to sarge as well?

-- Dossy

Dossy Shiobara                       mail: dossy@panoptic.com 
Panoptic Computer Network             web: http://www.panoptic.com/ 
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)

Reply to: