> I just read Razor's vulnerability advisory, as reported on slashdot.
>
> Any truth to it, or is it another wannabe ?
>
> Why wasn't this reported on this list, before or at least at the same time
> the advisory was released ? It seems serious to me...
It's real enough for most vendors to respond. I think you want
to make sure your servers have at least 1.2.30/2.4.0 or
openssh 2.3.0p1 at this point.
Van Dyke also released SecureCRT 3.2.1 to deal with this.
I would not be surprised to see other vendors responding.
--jrp
