>Thanks for the clarification. > >I would also like to thank whomever for the extra descriptive text on >the openssl patch issued the other day. Having the clarification on >the (non)impact on OpenSSH right in the patch was good ...
You are welcome. Stuart Henderson wrote the draft, but he forgot that part, and Damien Miller and I realized it was needed. We sensed there might be some ambiguity... we'll take care the next time an OpenOffice problem also. ... as long as you aren't using FreeBSD or a derivative (hint: Jupiper), you are fine. That's the only place I know of an OpenSSH hole. Oh now I sense some angst. Please ask Kirk McKusick, he knows the story about why this is not being disclosed to FreeBSD. Sometimes I feel a bit sorry for them (and for him), but then the next minute I don't feel sorry because there's damn good reasons they won't be told about what I found. Does that answer help? Hope so.