On Wed, Jul 08, 2009 at 09:03:15AM +0200, Thijs Kinkhorst wrote: > You may have heard of the rumours that there's a new OpenSSH exploit but > it's unclear what this exploit actually is or whether it even exists: > http://isc.sans.org/diary.html?storyid=6742
Quite so. > However, one consistent claim is that the "current version" of OpenSSH > isn't affected. It would make sense to me to get at least unstable/sid > updated with the most recent upstream version, as it wouldn't hurt. Do you > as openssh maintainers think you can do this in the short term? This is at > least some potentially mitigating action we can already take. The delay's mostly been revision control pain at my end (the package is still in CVS and I haven't quite finished migrating it to bzr, which migration would make things a lot easier for me). I'll look into doing it before Debconf. -- Colin Watson [[email protected]] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
