On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote: > On Fri, Oct 19, 2001 at 05:06:03PM -0700, Garrett Ellis wrote: > > I run Debian; and I applied the OpenSSH patch myself as soon as it was posted. > > Does anybody know of the advantages of waiting for a new .deb file to get > > circulated are? > > It's easier, esp. if you don't already have source for the latest version.
BTW, I'm talking about http://www.securityfocus.com/bid/3369 OpenSSH Key Based Source IP Access Control Bypass Vulnerability Someone else mentioned a buffer overflow exploit. In that case (remote root exploit or something), then laziness is overruled by the need to keep one's system secure. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
