On Thu, 2003-09-18 at 09:09, Jason Holt wrote:
> What's the deal? debian.org lists the ssh vulnerabilities, but only mentions
> a fixed version for the stable release. AFAICT, testing is still at the old
> version. Are they just slow, or what?

Therein lies the problem of using testing. It's not a released version so it doesn't have security updates and other such things. Packages can only move into testing after they've been bug free for two weeks, IIRC. Unstable, of course, gets the latest and greatest so the security fixes usually show up there right away but that's not handled by the security team.

The suggested solution for this particular incident is to either install the package from stable or to get the new package from incoming.debian.org (although I think it's propagated to unstable by now).

Corey

____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
