Nico, Thank you very much for the link!Is there any way to find out what the ETA on release would be? This is one of the items checked by my lab's security scanning system, so I would like to get it addressed quickly, but prefer to do it via debian package rather than manual patch.
-- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 ehle@iit.edu 312-567-3751 He who fights with monsters must take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you. On Tue, 29 Apr 2008, Nico Golde wrote:
Hi David, * David Ehle <ehle@agni.phys.iit.edu> [2008-04-29 21:06]: [...]It looks like it hs been handled for testing/unstable but its unclear if this fix has been applied to version currently in etch (OpenSSH_4.3p2 Debian-9) and the security repository. Does anyone know if this has been addressed? Are there any plans to do so?Nope, not yet. See: http://security-tracker.debian.net/tracker/CVE-2008-1483 Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.