Date: Wed, 14 Feb 2001 15:50:02 -0400 (AST) From: The Hermit Hacker <scrappy@hub.org> To: Nate Williams <nate@yogotech.com> Cc: Kris Kennaway <kris@obsecurity.org>, Igor Roshchin <str@giganda.komkon.org>, <security@FreeBSD.ORG> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:24.ssh Message-ID: <Pine.BSF.4.33.0102141549320.421-100000@mobile.hub.org> In-Reply-To: <14986.57825.251227.67134@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 14 Feb 2001, Nate Williams wrote: > > > > OpenSSH is installed if you chose to install the 'crypto' distribution > > > > at install-time or when compiling from source, and is installed and > > > > enabled by default as of FreeBSD 4.1.1-RELEASE. By default SSH1 > > > > protocol support is enabled. > > > > > > Excuse me pointing to a similar point in the last few advisories, > > > but , again, for some reason earlier releases 4.0 and 4.1 are forgotten. > > > While the advisory includes those releases in the list > > > of vulnerable systems, the paragraph quoted above tells that > > > OpenSSH is install as of FreeBSD 4.1.1-RELEASE. > > > However, I see that 4.0-RELEASE had OpenSSH-1.2.2 > > > and it is, according to the quote below is vulnerable. > > > > If you look at http://www.freebsd.org/security we only claim to > > provide security support for the most recent version of FreeBSD > > (4.2-RELEASE) and after. > > I agree that 'support' is one thing, but at least mentioning which > releases are effected by this bug would be good. > > Most of the other vendors list all of their 'effected' releases as being > effected or not, and since most of the deployed FreeBSD systems are > *NOT* running 4.2R, this is of great benefit to the users. If nothing else, by listed anything before 4.2R as *being* vulnerable, but unsupported, you give ppl one more incentive to dive into upgrading ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0102141549320.421-100000>