Re: [d-security] Re: ssh vulnerability in the wild
On 2003.09.16, Stephen Frost <email@example.com> wrote:
> > Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
> > downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
> > will this security fix be applied to sarge as well?
> There's at least a version on incoming.debian.org which has the version
> for unstable. I don't know what to tell you about testing/sarge. I'm
> sure it will be in before release but beyond that I've no idea when it
> will make it into testing.

Eek. So, if we want to run secure systems, we either have to run
unstable (and all the troubles that come with) or stable? I find that
"testing" is a good middle ground for a reasonably stable system but
with reasonably up-to-date packages, so that's why I run it. Running
"stable" involves hand-managing way too many packages that I do need
more recent versions of, and "unstable" involves way too many troubles if I
apt-get update without carefully inspecting what's being updated, which
I don't have the time for.

Guess I'll go the deb-src route and hand-patch, I guess. Not what I
wanted to do today ... ;-)

Dossy Shiobara mail: firstname.lastname@example.org
Panoptic Computer Network web: http://www.panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)