Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Rich Puhek
Adrian von Bidder wrote: On Tuesday 16 September 2003 22:30, Rich Puhek wrote: [mix stable/testing/unstable] This is what I usually do - and usually, it works quite fine. Right now, though, I've been pulling in more and more from testing/unstable since some things depend on the new glibc, a

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Birzan George Cristian
On Wed, Sep 17, 2003 at 12:12:35AM -0700, Rick Moen wrote: > I note: > http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb > http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb > http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb > > ...and would guess they're built from upstream's v. 3.7.1. >

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Rick Moen
Quoting Jan Niehusmann ([EMAIL PROTECTED]): > So I guess we all have to upgrade again. Didn't see packages with > patches derived from 3.7.1, yet. I note: http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb http://incoming.debian.org/ssh_3.6.1p

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Adrian von Bidder
On Tuesday 16 September 2003 22:30, Rich Puhek wrote: [mix stable/testing/unstable] This is what I usually do - and usually, it works quite fine. Right now, though, I've been pulling in more and more from testing/unstable since some things depend on the new glibc, and some other things randomly

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Jan Niehusmann
On Wed, Sep 17, 2003 at 08:24:43AM +0300, Birzan George Cristian wrote: > According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists > the only not vulnerable version as 3.7.1. In my mind, that means the ssh > version on security.debian.org right now is _STILL_ vulnerable. I'm not > a

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Colin Watson
On Tue, Sep 16, 2003 at 09:51:43PM +0200, Matthias Merz wrote: > So only one problem remains: The version in woody-proposed-updates is > 1:3.4p1-1.woody.1 which is "newer" than the patched version. So I had to > manually "downgrade" my proposed-updates-version to get the fix. > (apt-get dist-upgrad

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Colin Watson
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote: > On 2003.09.16, Christian Hammers <[EMAIL PROTECTED]> wrote: > > The new version has already been installed. This was quick. Good work, > > security team. > > > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > > > * NMU by the se

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-17 Thread Birzan George Cristian
On Tue, Sep 16, 2003 at 05:31:06PM +0200, Christian Hammers wrote: > The new version has already been installed. This was quick. Good work, > security team. > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > * NMU by the security team. > * Merge patch from OpenBSD to fix a security

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Colin Watson
On Tue, Sep 16, 2003 at 09:51:43PM +0200, Matthias Merz wrote: > So only one problem remains: The version in woody-proposed-updates is > 1:3.4p1-1.woody.1 which is "newer" than the patched version. So I had to > manually "downgrade" my proposed-updates-version to get the fix. > (apt-get dist-upgrad

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Colin Watson
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote: > On 2003.09.16, Christian Hammers <[EMAIL PROTECTED]> wrote: > > The new version has already been installed. This was quick. Good work, > > security team. > > > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > > > * NMU by the se

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Birzan George Cristian
On Tue, Sep 16, 2003 at 05:31:06PM +0200, Christian Hammers wrote: > The new version has already been installed. This was quick. Good work, > security team. > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > * NMU by the security team. > * Merge patch from OpenBSD to fix a security

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Matthias Merz
Hello there, Christian Hammers schrieb: > > On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote: > > On Tue, 16 Sep 2003, Alexander Neumann wrote: > > > > > According to Wichert, the security team is already working on an update. > > The new version has already been installed. This wa

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Christoph Moench-Tegeder
## Jean Charles Delepine ([EMAIL PROTECTED]): > Same for most boxes here but there seem to be a versioning conflict > between security update and woody proposed update : I stumbled over this earlier this year. In short, "proposed-updates is NOT meant to be added by users." (Martin Schulze). http:

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Stephen Frost
* Dossy ([EMAIL PROTECTED]) wrote: > Eek. So, if we want to run secure systems, we either have to run > unstable (and all the troubles that comes with) or stable? I find that Old news... Sorry. Stephen pgpvTdoiywATE.pgp Description: PGP signature

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Rick Moen
Quoting Dossy ([EMAIL PROTECTED]): > Eek. So, if we want to run secure systems, we either have to run > unstable (and all the troubles that comes with) or stable? The Security Team FAQ addresses this: http://www.debian.org/security/faq#testing Q: How is security handled for testing and unsta

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Rich Puhek
Dossy wrote: On 2003.09.16, Stephen Frost <[EMAIL PROTECTED]> wrote: Is 3.6.1p2-3 vulnerable? For those of us who want security, must we downgrade to 3.4p1-1.1 or build from source after patching by hand? Or will this security fix be applied to sarge as well? There's at least a version o

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Stephen Frost
* Dossy ([EMAIL PROTECTED]) wrote: > Eek. So, if we want to run secure systems, we either have to run > unstable (and all the troubles that comes with) or stable? I find that Old news... Sorry. Stephen pgp0.pgp Description: PGP signature

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Jean Charles Delepine
Christian Hammers <[EMAIL PROTECTED]> écrivait (wrote) : > On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote: > > On Tue, 16 Sep 2003, Alexander Neumann wrote: > > > > > According to Wichert, the security team is already working on an update. > > > > Is there an emergency patch/work

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Rick Moen
Quoting Stephen Frost ([EMAIL PROTECTED]): > There's at least a version on incoming.debian.org which has the version > for unstable. I don't know what to tell you about testing/sarge. I'm > sure it will be in before release but beyond that I've no idea when it > will make it into testing. The v

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Dossy
On 2003.09.16, Stephen Frost <[EMAIL PROTECTED]> wrote: > > Is 3.6.1p2-3 vulnerable? For those of us who want security, must we > > downgrade to 3.4p1-1.1 or build from source after patching by hand? Or > > will this security fix be applied to sarge as well? > > There's at least a version on inc

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Dale Amon
On Tue, Sep 16, 2003 at 07:29:33PM +0200, Jan Niehusmann wrote: > On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote: > > Is 3.6.1p2-3 vulnerable? For those of us who want security, must we > > downgrade to 3.4p1-1.1 or build from source after patching by hand? Or > > will this security fix be

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Stephen Frost
* Dossy ([EMAIL PROTECTED]) wrote: > On 2003.09.16, Christian Hammers <[EMAIL PROTECTED]> wrote: > > The new version has already been installed. This was quick. Good work, > > security team. > > > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > > > * NMU by the security team. > > *

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Jan Niehusmann
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote: > Is 3.6.1p2-3 vulnerable? For those of us who want security, must we > downgrade to 3.4p1-1.1 or build from source after patching by hand? Or > will this security fix be applied to sarge as well? I guess the patch will apply to sarge as wel

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Dossy
On 2003.09.16, Christian Hammers <[EMAIL PROTECTED]> wrote: > The new version has already been installed. This was quick. Good work, > security team. > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > * NMU by the security team. > * Merge patch from OpenBSD to fix a security problem

Re: [d-security] Re: ssh vulnerability in the wild

2003-09-16 Thread Christian Hammers
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote: > On Tue, 16 Sep 2003, Alexander Neumann wrote: > > > According to Wichert, the security team is already working on an update. > > Is there an emergency patch/workaround for this, if disabling ssh is not > an option? Are systems with
