[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH exploit and commerical SSH

Scott James Remnant <scott@netsplit.com> writes:

> Does anybody know (apart from Theo, who I've also e-mailed the question
> to) whether the exploit might affect the commercial SSH 1.x
> distribution?

Probably only Theo; good luck getting concrete information out of
him. ;-) Note that if the commercial version is vulnerable, Debian
will almost certainly just advise users to switch to OpenSSH, as we're
killing the ssh-nonfree packages off anyway.  (Of course, if it's
*not* vulnerable, you may be better off waiting until there's a real
fix for the OpenSSH bug.)

Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
Finger amu@monk.mit.edu (NOT a valid e-mail address) for more info.

To UNSUBSCRIBE, email to debian-ssh-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: