From owner-freebsd-security Thu Aug 1 18: 2:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92D3337B400; Thu, 1 Aug 2002 18:02:33 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2337E43E5E; Thu, 1 Aug 2002 18:02:33 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id C1D37535E; Fri, 2 Aug 2002 03:02:29 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Chris Miller Cc: dinoex@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution (fwd) References: From: Dag-Erling Smorgrav Date: 02 Aug 2002 03:02:28 +0200 In-Reply-To: Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Chris Miller writes: > Are we affected by this? I couldn't find bf-test.c in the openssh > directory in /usr/ports. I'm assuming that since the part of the automagic > process of building the port involves checking the checksum that we are > safe, but I thought it best to ask. We're safe. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message