On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote: > On 2003.09.16, Christian Hammers <[EMAIL PROTECTED]> wrote: > > The new version has already been installed. This was quick. Good work, > > security team. > > > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > > > * NMU by the security team. > > * Merge patch from OpenBSD to fix a security problem in buffer handling > > > > -- Wichert Akkerman <[EMAIL PROTECTED]> Tue, 16 Sep 2003 13:06:31 +0200 > > Is 3.6.1p2-3 vulnerable? For those of us who want security, must we > downgrade to 3.4p1-1.1 or build from source after patching by hand? Or > will this security fix be applied to sarge as well?
It's not routine practice, but assuming glibc doesn't suddenly get fixed in the next couple of days, I expect to upload a fixed openssh to testing-proposed-updates once the dust settles. That should be able to get into testing fairly quickly. -- Colin Watson [EMAIL PROTECTED]
