On Tue, Sep 16, 2003 at 05:31:06PM +0200, Christian Hammers wrote:
> The new version has already been installed. This was quick. Good work,
> security team.
> 
>  openssh (1:3.4p1-1.1) stable-security; urgency=high
> 
>   * NMU by the security team.
>   * Merge patch from OpenBSD to fix a security problem in buffer handling
> 
>  -- Wichert Akkerman <[EMAIL PROTECTED]>  Tue, 16 Sep 2003 13:06:31 +0200

According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
the only not vulnerable version as 3.7.1. In my mind, that means the ssh
version on security.debian.org right now is _STILL_ vulnerable. I'm not
a security expert, nor do I have time to actually see if that's true,
so, I'm asking the list if anyone can confirm/deny that.

-- 
Regards
Birzan George Cristian

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to