From owner-freebsd-security Tue Jul 2 19:21:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0C1937B400 for ; Tue, 2 Jul 2002 19:21:47 -0700 (PDT) Received: from moek.pir.net (moek.pir.net [130.64.1.215]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7841943E31 for ; Tue, 2 Jul 2002 19:21:47 -0700 (PDT) (envelope-from pir@pir.net) Received: from pir by moek.pir.net with local (Exim) id 17PZm6-0003lz-00 for freebsd-security@freebsd.org; Tue, 02 Jul 2002 22:21:46 -0400 Date: Tue, 2 Jul 2002 22:21:46 -0400 From: Peter Radcliffe To: freebsd-security@freebsd.org Subject: Re: CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Message-ID: <20020703022146.GE9314@pir.net> Reply-To: freebsd-security@freebsd.org Mail-Followup-To: freebsd-security@freebsd.org References: <200207030109.g6319Ufb008965@apollo.backplane.com> <20020703012422.GC9314@pir.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i X-fish: < X-Copy-On-Listmail: Please do NOT Cc: me on list mail. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dag-Erling Smorgrav probably said: > They don't use the parts of libbind that contain the bug. They use > low-level functions that return raw DNS records rather than just host > names or IP addresses. and since libbind.a is isn't installed as part of the base OS, just by the port, most people should be ok. Thanks, P. -- pir pir-sig@pir.net pir-sig@net.tufts.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message