Date: Thu, 1 Aug 2002 16:58:14 -0700 From: "DiCioccio, Jason" <jdicioccio@epylon.com> To: 'Joshua Lee' <yid@softhome.net>, Artur Lindgren <bond@comitnet.se> Cc: freebsd-security@FreeBSD.ORG Subject: RE: Trojan located in latest openssh tar files Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF649@goofy.epylon.lan>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neither -- unless you tell it to ignore the checksum on the port. As far as the source tree, OpenSSH 3.4 was imported a while back, so I don't think the same problem would exist as the trojan seemed to originate yesterday. Cheers, - -JD- - -----Original Message----- From: Joshua Lee [mailto:yid@softhome.net] Sent: Thursday, August 01, 2002 4:38 PM To: Artur Lindgren Cc: freebsd-security@FreeBSD.ORG Subject: Re: Trojan located in latest openssh tar files On Thu, 1 Aug 2002 14:11:24 +0200 Artur Lindgren <bond@comitnet.se> wrote: > I noticed that openssh-3.4p has a trojan horse (available from > >ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar. > >gz > and some of the mirrors. Is this a problem for someone who makes world with FreeBSD and gets OpenSSH from the source tree or only for people who get OpenSSH via ports? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPUnLOTKUHizV76d/EQLKngCgp0OoF/F0dNTAEDhXr5M5bYoBqXgAn2bX E+OcZTZ+1VGVNUXzKauaKK9k =br5K -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?657B20E93E93D4118F9700D0B73CE3EA02FFF649>