[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian potato's SSH not affected by SSH bug?

On Wed, Jun 26, 2002 at 01:58:29PM -0500, Phil Brutsche wrote:
> No, potato's ssh packages are vunlerable and updates have been made 
> available; DSA-134 contains all the necessary information: 
> http://www.debian.org/security/2002/dsa-134.

That advisory predates the release of full information on the
exploit.  At the time it was released, the openssh group had not yet
stated that the vulnerability was dependent upon having certain
versions of ssh built with certain options enabled.

Would the security team please issue an official update to the
advisory indicating whether, now that further information on the
vulnerability has been released, existing (pre-3.3) debian ssh
packages are believed to be affected?

-- 
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius

Innocence is no protection when governments go bad. - Tom Swiss


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: