From owner-freebsd-security@FreeBSD.ORG  Fri Sep 19 06:48:17 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 087EA16A4B3
	for <freebsd-security@freebsd.org>;
	Fri, 19 Sep 2003 06:48:17 -0700 (PDT)
Received: from amsfep15-int.chello.nl (amsfep15-int.chello.nl [213.46.243.28])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7281943FE0
	for <freebsd-security@freebsd.org>;
	Fri, 19 Sep 2003 06:48:15 -0700 (PDT)
	(envelope-from dodell@sitetronics.com)
Received: from sitetronics.com ([213.46.142.207]) by amsfep15-int.chello.nl
          (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
          id <20030919134814.UFYP6169.amsfep15-int.chello.nl@sitetronics.com>
          for <freebsd-security@freebsd.org>;
          Fri, 19 Sep 2003 15:48:14 +0200
Message-ID: <3F6B08D0.7080506@sitetronics.com>
Date: Fri, 19 Sep 2003 15:46:56 +0200
From: "Devon H. O'Dell" <dodell@sitetronics.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030820
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
References: <200309172237.h8HMbuvK078935@freefall.freebsd.org>
	<20030918100907.GA85007@bender.kerna.ie>
	<20030918145005.GB32994@madman.celabo.org>
	<20030919131636.GB63736@nevermind.kiev.ua> <3F6B02D2.2030609@sitetronics.com>
	<20030919132433.GA66315@nevermind.kiev.ua>
In-Reply-To: <20030919132433.GA66315@nevermind.kiev.ua>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [FreeBSD-Announce] FreeBSD Security
	AdvisoryFreeBSD-SA-03:12.openssh [REVISED]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Sep 2003 13:48:17 -0000



Alexandr Kovalenko wrote:

>Hello, Devon H. O'Dell!
>
>On Fri, Sep 19, 2003 at 03:21:22PM +0200, you wrote:
>
>  
>
>>Alexandr Kovalenko wrote:
>>
>>    
>>
>>>[snip]
>>>
>>>I've used cvsup to update my sources but I see the same picture in
>>>RELENG_4_7.
>>>
>>>
>>>      
>>>
>>As did I using RELENG_5_1 -- the version remains at 3.6.1p1.
>>    
>>
>
>Not version, but timestamp!
>  
>
Umm... yeah, that was my implication. Sorry for the poor wording. My 
version string (generated by ssh -V or sshd --help) remains unchanged. 
The source is patched/updated and should by all means be invulnerable to 
that attack. I did not notice version.h or other related files being 
checked out in my cvsup.

--Devon