[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh update or upgrade required? which is it?



On Mon, Jun 24, 2002 at 06:14:18PM -0700, justin cunningham wrote:
> Hi list, can you please clarify something for me-- this should be pretty
> straight forward so sorry if the question seems a bit lame.  Can you
> please reply to the email in addition to the list since I'm not
> currently subscribed.
> 
> I read this release http://www.debian.org/security/2002/dsa-134 and it
> says to upgrade to ssh 3.3p1 for woody and that the package for potato
> hasn't yet been compiled.
> 
> On my stable boxes I ran apt-get update and it pulled down some patches
> from security though the only recent post for security updates is this
> one so was my open ssh from the potato branch updated proficiently or do
> I need to install this new version?  If I need to install ssh 3.3 and
> want the rest of my box to stay in stable until woody is complete how do
> I do this?
> 
> Thanks, Justin
> 

According to my traversing through the security updates section via FTP,
the ssh version there for potato i386 is 1.2.3-9.4  So no, you haven't
fixed the vulnerability via any apt-get upgrades ...

You really have two options: download the ssh source and compile it
yourself, or wait until the potato update gets done.  I presume potato
is still being security patched, at least until a bit after Woody is
released.

- Chris


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: