On Wed, Jun 26, 2002 at 01:58:29PM -0500, Phil Brutsche wrote: > No, potato's ssh packages are vunlerable and updates have been made > available; DSA-134 contains all the necessary information: > http://www.debian.org/security/2002/dsa-134.
That advisory predates the release of full information on the exploit. At the time it was released, the openssh group had not yet stated that the vulnerability was dependent upon having certain versions of ssh built with certain options enabled. Would the security team please issue an official update to the advisory indicating whether, now that further information on the vulnerability has been released, existing (pre-3.3) debian ssh packages are believed to be affected? -- When we reduce our own liberties to stop terrorism, the terrorists have already won. - reverius Innocence is no protection when governments go bad. - Tom Swiss -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
