Date: Mon, 24 Jun 2002 20:06:27 -0600 (MDT)
From: Brett Glass
Message-Id: <200206250206.UAA11075@lariat.org>
To: dinoex@freebsd.org, nectar@freebsd.org, piechota@argolis.org
Subject: Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd)
Cc: freebsd-security@freebsd.org
In-Reply-To: <20020624224841.GC42982@madman.nectar.cc>

Theo has made it quite clear both in his announcement and in private mail: Anyone who wants to be safe MUST get a version of OpenSSH with "privilege separation" running before next week.

The latest version in the Ports tree appears to be 3.3p1, while the packages are older. Theo recommends 3.3.1p, so we should make sure that this version is available both as a port and as a binary package by week's end. I doubt that this will be hard to do, since FreeBSD is very close to OpenBSD and NetBSD API-wise.

--Brett