* Ted Cabeen <[EMAIL PROTECTED]> [011107 18:11]: > Make sure that you have the security site in your > /etc/apt/sources.list file. If you do, and apt-get update; apt-get > upgrade says you're up to date, then you're fine. In general, the > security team patches the current version to fix security bugs in > stable rather than upgrade to a newer version. That could be > confusing your sysadmin. The CRC bug was patched in debian as of ssh > version 1.2.3-9.2. You can look at the changelog in > /usr/share/doc/ssh/changelog.Debian.gz for specific information.
Thanks for info. Yes, I have that line in my sources.list, and I also believe I am fine. Our network admin used the nessus ssh plugin to scan the network. He only says that nessus gives a warning about my computer (concerning the crc bug) and knows nothing more. He uses debian himself but with openssh 2.9p. In his case nessus doesn't complain.