From owner-cvs-all Fri Jun 28 1:36:32 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BBD3B37B400; Fri, 28 Jun 2002 01:36:20 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F0D943E06; Fri, 28 Jun 2002 01:36:20 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 71A105361; Fri, 28 Jun 2002 10:36:17 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Julian Elischer Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh - Imported sources References: From: Dag-Erling Smorgrav Date: 28 Jun 2002 10:36:16 +0200 In-Reply-To: Message-ID: Lines: 20 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Julian Elischer writes: > Why not 3.4 as that is what they are trying to get everyone to > go to? Patience. > p.s. do you believe what they say about 2.3.0 (as shipped in 4.4) (and > 4.5?) NOT being vunlerable? ...to this particular attack, yes. Neither is the version of 2.9 we have in 4.5 and 4.6 vulnerable. > I wonder if any of the patches we applied since in the 4.4 branch have > MADE them vulnerble? No. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message