[EMAIL PROTECTED] wrote:
>Vadim Kutsyy([EMAIL PROTECTED])@Mon, Feb 12, 2001 at 01:51:36AM -0500:
>> debian:/usr/local# ssh -V
>> SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
>> Compiled with SSL (0x0090600f).
>>
>> I belive 1.2.3 is in stable. If you want better, upgrade to unstable,
>> or at least testing.
>
>Ok tnx but I don't understand why they put 1.2.3 as the latest, and in
>security updates in the stable version.
Because stable doesn't get randomly updated to newer versions; we
backport the security fixes instead wherever possible, so that stable
users get stable versions of packages.
>And how can I know that 1.2.3 fixes the bugs that were in pre 2.3.0p1?
Here's the changelog. You can always go and download the Debian diff to
the upstream sources and compare it with the fix in 2.3.0pl1.
openssh (1:1.2.3-9.2) stable; urgency=high
* Non-maintainer upload by Security Team
* Added backported fix for a buffer overflow (thanks to Piotr
Roszatycki)
* Added modified build dependencies from unstable for convenience
* Added patch that fixes an rsa key exchange problem made public by CORE
SDI.
-- Martin Schulze <[EMAIL PROTECTED]> Thu, 8 Feb 2001 22:15:04 +0100
--
Colin Watson [EMAIL PROTECTED]
