Bug#346322: rssh runs cvs for rdist and rsync, doesn't check cvs -e

2006-01-07 Russ Allbery
Upstream reports they've released a new version of rssh (2.3.2) which is now mentioned on the rssh home page. It looks like this release should also fix Bug#339531. The problems in 2.3.0 sound like they were introduced in that version and wouldn't affect previous versions (although of course prev

Bug#346322: rssh runs cvs for rdist and rsync, doesn't check cvs -e

2006-01-06 Russ Allbery
Russ Allbery <[EMAIL PROTECTED]> writes:
> Package: rssh
> Version: 2.3.0-1
> Severity: grave
> Tags: security patch
> Justification: renders package unusable
>
> Due to missing curly braces in util.c, if rssh gets as far as checking
> to see if the issued command was CVS, the check will always suc

Bug#346322: rssh runs cvs for rdist and rsync, doesn't check cvs -e

2006-01-06 Russ Allbery
Package: rssh
Version: 2.3.0-1
Severity: grave
Tags: security patch
Justification: renders package unusable

Due to missing curly braces in util.c, if rssh gets as far as checking to see if the issued command was CVS, the check will always succeed. Furthermore, this failure can be exploited to pass