Bug#536182: rumours of openssh attack, upgrade sid?
On Wed, Jul 08, 2009 at 09:03:15AM +0200, Thijs Kinkhorst wrote:
> You may have heard of the rumours that there's a new OpenSSH exploit but
> it's unclear what this exploit actually is or whether it even exists:
> http://isc.sans.org/diary.html?storyid=6742
Quite so.
> However, one consistent claim is that the "current version" of OpenSSH
> isn't affected. It would make sense to me to get at least unstable/sid
> updated with the most recent upstream version, as it wouldn't hurt. Do you
> as openssh maintainers think you can do this in the short term? This is at
> least some potentially mitigating action we can already take.
The delay's mostly been revision control pain at my end (the package is
still in CVS and I haven't quite finished migrating it to bzr, which
migration would make things a lot easier for me). I'll look into doing
it before Debconf.
--
Colin Watson [cjwatson@debian.org]
Reply to: