From owner-freebsd-security Mon Jun 24 14:57:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from clink.schulte.org (clink.schulte.org [209.134.156.193]) by hub.freebsd.org (Postfix) with ESMTP id 666C337B406 for ; Mon, 24 Jun 2002 14:57:18 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by clink.schulte.org (Postfix) with ESMTP id 08CED243C2 for ; Mon, 24 Jun 2002 16:57:17 -0500 (CDT) Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65]) by clink.schulte.org (Postfix) with ESMTP id 124ED243BE for ; Mon, 24 Jun 2002 16:57:15 -0500 (CDT) Message-Id: <5.1.1.6.2.20020624164701.041d6ec0@pop3s.schulte.org> X-Sender: (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Mon, 24 Jun 2002 16:54:40 -0500 To: freebsd-security@freebsd.org From: Christopher Schulte Subject: Upcoming OpenSSH vulnerability *unverified* Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by AMaViS 0.3.12pre6 on clink.schulte.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Any of you folk seen this yet? http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102495293705094&q=raw 'There is an upcoming OpenSSH vulnerability that we're working on with ISS. Details will be published early next week.' I don't know the legitimacy of the info, but... offtopic: If this is legit, why is ISS working with the OpenBSD and OpenSSH people, after giving Apache such a run last week? Curious. -- Christopher Schulte http://www.schulte.org/ Do not un-munge my @nospam.schulte.org email address. This address is valid. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message