On Thu, Jun 27, 2002 at 02:50:54PM +0200, Michael Stone wrote: > Debian 2.2 (potato) shipped with an ssh package based on OpenSSH > 1.2.3, and is not vulnerable to the vulnerabilities covered by this > advisory. Users still running a version 1.2.3 ssh package do not have > an immediate need to upgrade to OpenSSH 3.4. Users who upgraded to the > OpenSSH version 3.3 packages released in previous iterations of > DSA-134 should upgrade to the new version 3.4 OpenSSH packages, as the > version 3.3 packages are vulnerable. We suggest that users running > OpenSSH 1.2.3 consider a move to OpenSSH 3.4 to take advantage of the > privilege separation feature. (Though, again, we have no specific > knowledge of any vulnerability in OpenSSH 1.2.3. Please carefully read > the caveats listed below before upgrading from OpenSSH 1.2.3.) We > recommend that any users running a back-ported version of OpenSSH > version 2.0 or higher on potato move to OpenSSH 3.4. > > Will the security team continue to support 1.2.3?
Phil -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]