From owner-freebsd-stable@FreeBSD.ORG  Wed Sep 17 06:36:15 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0A81B16A4B3
	for <stable@freebsd.org>; Wed, 17 Sep 2003 06:36:15 -0700 (PDT)
Received: from mail.spod.org (opal.spod.org [195.92.99.99])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1D6E943F85
	for <stable@freebsd.org>; Wed, 17 Sep 2003 06:36:14 -0700 (PDT)
	(envelope-from yann@spod.org)
Received: from yann by mail.spod.org with local (Exim 3.36 #1)
	id 19zcTc-0004FS-00; Wed, 17 Sep 2003 14:36:12 +0100
Date: Wed, 17 Sep 2003 14:36:12 +0100
From: Yann Golanski <yann@kierun.org>
To: Pete French <pfrench@firstcallgroup.co.uk>
Message-ID: <20030917133612.GB16154@kierun.org>
References: <E19zcPU-000Dm6-00@mailhost.firstcallgroup.co.uk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="GRPZ8SYKNexpdSJ7"
Content-Disposition: inline
In-Reply-To: <E19zcPU-000Dm6-00@mailhost.firstcallgroup.co.uk>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
User-Agent: Mutt/1.5.4i
Sender: Yann Golanski <yann@spod.org>
cc: stable@freebsd.org
Subject: Re: Security hole in ssh ?
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2003 13:36:15 -0000


--GRPZ8SYKNexpdSJ7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Quoth Pete French on Wed, Sep 17, 2003 at 14:31:56 +0100
> Someone just forwarded me this link, is this old news or is it
> something which needs patching in FreeBSD ? The details seem sketchy,
> though there is a comment in there that 3.7.1p1 fixes it (whatever "it"
> may be).
>=20
> http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.h=
tml

FreeBSD Security Advisory FreeBSD-SA-03:12.openssh deals with this.

--=20
yann@kierun.org                  -=3D*=3D-                      www.kierun.=
org
    PGP:   009D 7287 C4A7 FD4F 1680  06E4 F751 7006 9DE2 6318

--GRPZ8SYKNexpdSJ7
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/aGNL91FwBp3iYxgRAma/AJ4rDi4FDmGxPVyxtcpg4qQ/PXdiUwCeICl/
MHniYHedmI2CtvlVanjNa8w=
=/VzM
-----END PGP SIGNATURE-----

--GRPZ8SYKNexpdSJ7--