From owner-freebsd-security  Tue Jun 25  5: 4:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id A06BA37B401
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jun 2002 05:04:41 -0700 (PDT)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP
	id 084214F; Tue, 25 Jun 2002 07:04:41 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1])
	by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g5PC4eiD045697;
	Tue, 25 Jun 2002 07:04:40 -0500 (CDT)
	(envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost)
	by madman.nectar.cc (8.12.3/8.12.3/Submit) id g5PC4etm045696;
	Tue, 25 Jun 2002 07:04:40 -0500 (CDT)
Date: Tue, 25 Jun 2002 07:04:40 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To: Keith Stevenson <keith.stevenson@louisville.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Hogwash
Message-ID: <20020625120440.GD42982@madman.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	Keith Stevenson <keith.stevenson@louisville.edu>,
	freebsd-security@FreeBSD.ORG
References: <20020625010643.GC43386@madman.nectar.cc> <200206250111.g5P1BVLJ015666@cvs.openbsd.org> <20020625024401.GB43738@madman.nectar.cc> <20020624225524.A96380@osaka.louisville.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020624225524.A96380@osaka.louisville.edu>
User-Agent: Mutt/1.4i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, Jun 24, 2002 at 10:55:24PM -0400, Keith Stevenson wrote:
> I hate to intrude on the conversation, but what is FreeBSD's official response
> to this?  Posturing and full-disclosure debates aside, I'm inclined to take
> Theo's warning at face value.  I know better than to expect my commercial UNIX
> vendor to act swiftly, but I've come to expect more from the FreeBSD project.
> If FreeBSD is going to wait until after the exploits are published, please let
> us know now so I can plan appropriately.

We have imported OpenSSH 3.3 into -CURRENT, and will merge it to
-STABLE as soon as the kinks are worked out.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message