From owner-freebsd-security Thu Mar 7 9: 8:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from cithaeron.argolis.org (bgm-66-67-16-161.stny.rr.com [66.67.16.161]) by hub.freebsd.org (Postfix) with ESMTP id 7915C37B41D for ; Thu, 7 Mar 2002 09:08:32 -0800 (PST) Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.11.6/8.11.4) with ESMTP id g27H8SY53764; Thu, 7 Mar 2002 12:08:28 -0500 (EST) (envelope-from piechota@argolis.org) X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs Date: Thu, 7 Mar 2002 12:08:28 -0500 (EST) From: Matt Piechota To: Eric Parusel Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH root hole - What version of FreeBSD does it affect? In-Reply-To: <012f01c1c5f7$ee24fd00$5e4e5318@cns> Message-ID: <20020307120444.L53519-100000@cithaeron.argolis.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 7 Mar 2002, Eric Parusel wrote: > >From the advisory: > "Affects: FreeBSD 4.4-RELEASE, 4.5-RELEASE > FreeBSD 4.5-STABLE prior to the correction date > openssh port prior to openssh-3.0.2_1 > openssh-portable port prior to > openssh-portable-3.0.2p1_1" > > Does this affect FreeBSD's releng_4_3?? Just wondering why there's > no mention of it at all... Someone else posted OpenSSH 2.0 thru current was affected, so that's a yes (4.3 had openssh, right?) There's probably no mention since 4.3-rel is officially 'unsupported', so it was never tested. -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message