From owner-freebsd-stable  Thu Jul  4 10:49:32 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 75B4537B400
	for <freebsd-stable@freebsd.org>; Thu,  4 Jul 2002 10:49:30 -0700 (PDT)
Received: from melusine.cuivre.fr.eu.org (melusine.cuivre.fr.eu.org [62.212.105.185])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AE3C443E09
	for <freebsd-stable@freebsd.org>; Thu,  4 Jul 2002 10:49:29 -0700 (PDT)
	(envelope-from thomas@cuivre.fr.eu.org)
Received: by melusine.cuivre.fr.eu.org (Postfix, from userid 1000)
	id DEF202C3D1; Thu,  4 Jul 2002 19:49:27 +0200 (CEST)
Date: Thu, 4 Jul 2002 19:49:27 +0200
From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: D J Hawkey Jr <hawkeyd@visi.com>
Cc: stable at FreeBSD <freebsd-stable@freebsd.org>
Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1
Message-ID: <20020704194927.A71508@melusine.cuivre.fr.eu.org>
Reply-To: thomas@cuivre.fr.eu.org
References: <20020704115910.A89342@sheol.localdomain> <5.1.1.6.2.20020704120834.0412d678@pop3s.schulte.org> <20020704123016.A89510@sheol.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020704123016.A89510@sheol.localdomain>; from hawkeyd@visi.com on Thu, Jul 04, 2002 at 12:30:17PM -0500
X-message-flag: WARNING! Using Outlook can damage your computer.
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Le 2002-07-04, D J Hawkey Jr écrivait :

> >  >At this time, OpenSSH 3.4 will not be merged into the security
> >  >branches.  They are currently not vulnerable, and major upgrades are
> >  >outside the scope of the security branches, particularly when such
> >  >upgrades are practically guaranteed to break existing installations.

> But, but... But 4.6-RELEASE is vulnerable, as I understand it, and OpenSSH

No, this is incorrect. The version of OpenSSH in 4.6-REL is 2.9,
which is not affected by the ChallengeResponseAuthentication
vulnerability.

Thomas.

-- 
    Thomas.Quinot@Cuivre.FR.EU.ORG

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message