From owner-freebsd-security Wed Jun 26 17:40:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from ainaz.pair.com (ainaz.pair.com [209.68.2.66]) by hub.freebsd.org (Postfix) with SMTP id E7EE237B416 for ; Wed, 26 Jun 2002 16:30:10 -0700 (PDT) Received: (qmail 60130 invoked by uid 3338); 26 Jun 2002 21:43:28 -0000 Date: Wed, 26 Jun 2002 17:43:28 -0400 From: Travis Cole To: freebsd-security@freebsd.org Cc: Theo de Raadt Subject: Re: Wow Message-ID: <20020626214328.GD53981@ainaz.pair.com> References: <20020626185126.GB35484@ainaz.pair.com> <200206261854.g5QIsNLI015235@cvs.openbsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200206261854.g5QIsNLI015235@cvs.openbsd.org> User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Jun 26, 2002 at 12:54:23PM -0600, Theo de Raadt wrote: > > We also did 5600 lines of further security auditing work over the last > week. We're fairly convinced that some of the things we changed are > relevant as well. ie. more holes. > > And that is commited in 3.4 Like I said in a few other emails. I've thought about this some more and I think Theo is right here. The upgrade to 3.4 is worth it. Lots of people are running some pretty crufty versions of OpenSSH. Many issues were fixed in 3.4. > By all means. Please continue running what you have. Don't upgrade > to 3.4. And please turn privsep off. Nope. I plan to upgrade. I've got 300 boxes that will be seeing 3.4 soon. -- -tcole To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message