Hi, From: Phillip Hofmeister Date: Mon, 16 Dec 2002 17:52:15 -0500
> I am sure you have seen the SSH CERT. Are we vulnerable? If so is > there a time line for an update? I'd like to know too -- perhaps there's a chance the Debian package (the OpenSSH-based one) isn't vulnerable as OpenSSH 3.5 and earlier is listed at: http://www.rapid7.com/advisories/R7-0009.txt as "APPARENTLY NOT VULNERABLE".
