Date: Tue, 16 Sep 2003 14:16:17 -0500 From: Craig Boston <craig@meoqu.gank.org> To: Ruben de Groot <mail23@bzerk.org> Cc: stable@freebsd.org Subject: Re: Release Engineering Status Report Message-ID: <200309161416.17241.craig@meoqu.gank.org> In-Reply-To: <20030916171436.GA12867@ei.bzerk.org> References: <xzpr82graow.fsf@dwp.des.no> <JCEIKJMCANNPGKFKGLKLAEPGDPAA.mikej@trigger.net> <20030916171436.GA12867@ei.bzerk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 16 September 2003 12:14 pm, Ruben de Groot wrote: > Fortunately, there's allready a patch in the source tree: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1 >.1.1.6&r2=1.1.1.7&f=h Yes, fortunately the patch is there. I noticed however that in the version committed to the RELENG_4_8 branch, RCSID wasn't changed, so it's not possible to use ident to tell if your libssh needs to be patched or not (both old and new say 1.16)... Was that an oversight or should I be using some other method to determine if I'm running a vulnerable version or not? I also noticed the same thing with openssh-portable out of ports. Thanks, Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309161416.17241.craig>