From owner-freebsd-security Mon Jul 15 14:10:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0982437B405 for ; Mon, 15 Jul 2002 14:10:55 -0700 (PDT) Received: from smtp2.enst.fr (matrix2.enst.fr [137.194.2.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 418AC43E6D for ; Mon, 15 Jul 2002 14:10:54 -0700 (PDT) (envelope-from cedric.ware@enst.fr) Received: from olympe.enst.fr (olympe.enst.fr [137.194.64.54]) by smtp2.enst.fr (Postfix) with ESMTP id ED5BC1EF8C; Mon, 15 Jul 2002 23:10:49 +0200 (MEST) Received: by olympe.enst.fr (Postfix, from userid 14110) id 267C81108B; Mon, 15 Jul 2002 23:10:51 +0200 (CEST) Date: Mon, 15 Jul 2002 23:10:51 +0200 From: Cedric Ware To: Gregory Kuhn Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH Message-ID: <20020715211051.GA10578@enst.fr> References: <5.1.0.14.2.20020715145432.00a54790@mail.interfold.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.1.0.14.2.20020715145432.00a54790@mail.interfold.com> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, > Out of curiosity why hasn't OpenSSH 3.4 been included with the > latest stable version? Because -STABLE is reputed not to be vulnerable to the latest hole, see: http://online.securityfocus.com/archive/1/282331/2002-07-12/2002-07-18/0 Section III (although I still wonder - Challenge/Response is definitely OK but noone speaks about Keyboard/Interactive which affects OpenSSH 2.9...) Furthermore, it has been integrated in 4.6-STABLE, and a point-release 4.6.1 is in preparation. Hope this helps, Cedric Ware. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message