re-examine ssh vuln once details are released?
hi.
first I want to say that the security team does a great job.
second i am kind of worried. I ran apt-get update/upgrade on
a stable system just now and found it upgraded to openssh 3.3,
i'm aware of the vuln that is comming out.
but i was curious if the security team(or others) would re-examine
the vulnerability once more details are released and if possible
release an update to the potato version of openssh.
i rather like the fact that most/all of the security patches
are backported, this is quite a radical departure. I can only
assume that openssh 1.2.x was/is vulnerable even though i have
not noticed any versions other then 3.x being mentioned on bugtraq.
since most of my systems are RSA-only authentication this will
cause some minor issues, but i am more interested if the security
team will look into backporting a fix for this to the older
openssh. the security advisory on security.debian.org does not
mention whether this is an interim patch or if another update
may be provided(other then saying this patch may be buggy)
it's not a critical issue, but i was just shocked to see openssh
3.3 on potato:)
keep up the good work!!
sorry if this is being discussed to death, i am on debian-user and
not any other debian-specific lists if there is a thread that talks
about this i would gladly read it.
thanks!
nate
(admin of about 50 debian potato servers/workstations)
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: