Re: OpenSSH Debian and the Trojan

To: debian-user@lists.debian.org
Subject: Re: OpenSSH Debian and the Trojan
From: Craig Dickson <crdic@pacbell.net>
Date: Thu, 1 Aug 2002 11:22:55 -0700
Message-id: <[🔎] 20020801182255.GD11729@crdic.ath.cx>
In-reply-to: <[🔎] 001b01c23982$d16edab0$28ad1fd0@kris>
References: <[🔎] 001b01c23982$d16edab0$28ad1fd0@kris>

Kris wrote:

> Just last night I updated my debian packages via ftp.debian.org and OpenSSH
> was updated to ssh 3.4p1-1 is it possible that this was Trojaned via the
> news from openssh this morning that there packages were Trojaned and could
> have it.

According to the published analysis, the trojan affects only the system
where the package is built, not the resulting binaries. Even if Debian's
ssh package had been built from a trojaned package, in this case users
of the resulting package would not be at risk. In any case, it appears
that Debian's ssh package was built from a non-trojaned source.

Just FYI, the period character "." is supposed to be used at the end of
each sentence, not just at the end of your message.

Craig

Attachment: pgpBrxvsENnmz.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: OpenSSH Debian and the Trojan
  - From: "Sean 'Shaleh' Perry" <shalehperry@attbi.com>

References:
- OpenSSH Debian and the Trojan
  - From: "Kris" <krisp1@mlode.com>

Prev by Date: nightly death of X (and no consol access)
Next by Date: Re: can't load root.bin floppy, missing floppy controller (idepci,bf2.4 and compact)
Previous by thread: Re: OpenSSH Debian and the Trojan
Next by thread: Re: OpenSSH Debian and the Trojan
Index(es):
- Date
- Thread