On Tue, Nov 18, 2008 at 10:44:02PM +0900, Hideki Yamane wrote: > package: openssh > servity: grave > tag: security upstream > > Hi OpenSSH package maintainers (and lists), > > I saw new OpenSSH vulnerability issue. > See http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt > > It says > "The attack was verified against the following product version running on > Debian GNU/Linux: > > - OpenSSH 4.7p1 > > Other versions are also affected. Other implementations of the SSH > protocol may also be affected." > > and upstream was reported this issue by CPNI (they say). IMHO, we should > contact to upstream and wait to be put a solution from them.
I'm aware of this and would be absolutely astonished if upstream weren't; I'm keeping an eye on CVS for an update. Thanks, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
