Date: Thu, 1 Aug 2002 21:05:56 -0400 From: Joshua Lee <yid@softhome.net> To: "DiCioccio, Jason" <jdicioccio@epylon.com> Cc: bond@comitnet.se, freebsd-security@FreeBSD.ORG Subject: Re: Trojan located in latest openssh tar files Message-ID: <20020801210556.04b0fee1.yid@softhome.net> In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA02FFF649@goofy.epylon.lan> References: <657B20E93E93D4118F9700D0B73CE3EA02FFF649@goofy.epylon.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 1 Aug 2002 16:58:14 -0700 "DiCioccio, Jason" <jdicioccio@epylon.com> wrote: > Neither -- unless you tell it to ignore the checksum on the port. As > far as the source tree, OpenSSH 3.4 was imported a while back, so I > don't think the same problem would exist as the trojan seemed to > originate yesterday. Yes, and to come to think of it since it requires the cooperation of a makefile, unless the source tree uses the makefile of the original package there's no hole for the source tree's openssh. Thanks for the help. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020801210556.04b0fee1.yid>