Date: Tue, 25 Jun 2002 02:55:10 -0600 From: Theo de Raadt <deraadt@cvs.openbsd.org> To: Joshua Goodall <joshua@roughtrade.net> Cc: Theo de Raadt <deraadt@openbsd.org>, freebsd-security@FreeBSD.ORG Subject: Re: Hogwash Message-ID: <200206250855.g5P8tALJ009445@cvs.openbsd.org> In-Reply-To: Your message of "Tue, 25 Jun 2002 15:10:51 %2B1000." <20020625051051.GA4009@roughtrade.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I think our intent is to make 3.4 be 3.3.1 + the fix. If it isn't, we are going to try to make it easy in some other way. Be ready on Monday morning for a small patch, and simple roll-out. > Something I would like to know - and I think you can tell us without > compromising much - is whether 3.4 will be more than 3.3 + fix for > this exploit. This will help those who roll our own packages/maintain > large deployments to plan in advance. (i.e. will we need an hour > or a day to merge changes?) > > Joshua > > On Mon, Jun 24, 2002 at 05:27:11PM -0600, Theo de Raadt wrote: > > > Nobody is `in' on the bug. The OpenSSH team has given details to no > > > one so far, so we are assured to be blindsided. I'm afraid security > > > contacts with various projects and vendors know no more than what was > > > said in the bugtraq posting. > > > > Bullshit. > > > > You have been told to move up to privsep so that you are immunized by > > the time the bug is released. > > > > If you fail to immunize your users, then the best you can do is tell > > them to disable OpenSSH until 3.4 is out early next week with the > > bugfix in it. Of course, then the bug will be public. > > > > I am not nearly naive enough to believe that we can release a patch > > for this issue to any vendor, and have it not leak immediately. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message x1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206250855.g5P8tALJ009445>