I just uploaded an NMU of ssh to non-us. It fixes a nasty security bug where anyone could inject data into an encrypted ssh stream. I suggest you upgrade ASAP. The files can be found for now at ftp://nonus.debian.org/pub/incoming/debian-non-US/ PS. If you reply to this message, take care with the crossposts..
-----BEGIN PGP SIGNED MESSAGE----- Format: 1.5 Date: Sat, 13 Jun 1998 05:23:34 +0300 Source: ssh Binary: ssh ssh-askpass Architecture: source i386 Version: 1.2.25-0.1 Distribution: frozen unstable Urgency: high Maintainer: Tommi Virtanen <[EMAIL PROTECTED]> Description: ssh - a secure replacement for rlogin, rsh, and rcp ssh-askpass - under X, asks user for a pasphrase for ssh-add Changes: ssh (1.2.25-0.1) frozen unstable; urgency=high . * The upstream version now uses binaries ending in '1', and main executables are just symlinks (for upwards compability with v2). Had to adjust debian/ssh-askpass.files to add the version with '1' and debian/rules to make sure slogin's man page is symlinked correctly. * Made ssh-askpass.1.gz link to undocumented.7.gz * Non-maintainer release, new upstream version with security bugfixes where anyone could inject data into an ssh stream (#23452, #23456). Files: c656bd052c83556f22b7bcd2a4648ad8 623 non-us optional ssh_1.2.25-0.1.dsc f16c579f8d60d2f0eaabd3c30e46ca2c 1002828 non-us optional ssh_1.2.25.orig.tar.gz 0d700887f56c88f15d1ab0f0f03d389c 14976 non-us optional ssh_1.2.25-0.1.diff.gz cd7bcc98320357549f4cf42e90bf557b 431376 non-us optional ssh_1.2.25-0.1_i386.deb 3ec5b93c55ea7dcd26fe52c6af4a195b 38112 non-us optional ssh-askpass_1.2.25-0.1_i386.deb -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBNYJjnoAGLnzk1H7BAQGBaQQA2m1N9nDOdoap6lDjZH32FFwq7FbXFBiZ xpI6JceNzPMAS+f19jjC8AoYwVLI/F0djpJDZgR5c+UhoXVXgO3EEFJWIOMSMi5M hyRme+cCoKklP5SazfNvfG6dnsnb/UPWIT5TrpeHEESpZ1sKTeI59a0EUhlKc3r/ L8fEWALx6pA= =WlhN -----END PGP SIGNATURE----- -- [EMAIL PROTECTED] - it's a valid address w/o spam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]