Date: Thu, 4 Jul 2002 19:49:27 +0200 From: Thomas Quinot <thomas@cuivre.fr.eu.org> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: stable at FreeBSD <freebsd-stable@freebsd.org> Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1 Message-ID: <20020704194927.A71508@melusine.cuivre.fr.eu.org> In-Reply-To: <20020704123016.A89510@sheol.localdomain>; from hawkeyd@visi.com on Thu, Jul 04, 2002 at 12:30:17PM -0500 References: <20020704115910.A89342@sheol.localdomain> <5.1.1.6.2.20020704120834.0412d678@pop3s.schulte.org> <20020704123016.A89510@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
Le 2002-07-04, D J Hawkey Jr écrivait :
> > >At this time, OpenSSH 3.4 will not be merged into the security
> > >branches. They are currently not vulnerable, and major upgrades are
> > >outside the scope of the security branches, particularly when such
> > >upgrades are practically guaranteed to break existing installations.
> But, but... But 4.6-RELEASE is vulnerable, as I understand it, and OpenSSH
No, this is incorrect. The version of OpenSSH in 4.6-REL is 2.9,
which is not affected by the ChallengeResponseAuthentication
vulnerability.
Thomas.
--
Thomas.Quinot@Cuivre.FR.EU.ORG
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020704194927.A71508>