On Tue, Dec 17, 2002 at 08:42:03AM +0800, Patrick Hsieh wrote: > Woody is shipping OpenSSH_3.4p1. Before the security team confirm this > vulnerability and release the upgrade package, is there any way to patch and > repackage the woody openssh? I just can't find the patch against this > vulnerability.
Why would you want to? The advisory indicates that it is unlikely (for whatever that's worth) that any OpenSSH version are vulnerable at all. 3.5 certainly doesn't fix nonexistant problems, so I don't see any reason to view this advisory as a reason to upgrade. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
msg08199/pgp00000.pgp
Description: PGP signature
