From owner-freebsd-security  Wed Jun 26  8:42:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id B05D337BA18
	for <freebsd-security@FreeBSD.ORG>; Wed, 26 Jun 2002 08:40:26 -0700 (PDT)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.3/8.12.3) with SMTP id g5QFdcw6099621;
	Wed, 26 Jun 2002 11:39:38 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 26 Jun 2002 11:39:37 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: Benjamin Krueger <benjamin@seattleFenix.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Much ado about nothing.
In-Reply-To: <Pine.NEB.3.96L.1020626105404.6618O-100000@fledge.watson.org>
Message-ID: <Pine.NEB.3.96L.1020626113536.6618Q-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

FWIW, this does not in any way change our current strategy of getting
-STABLE forward onto the most recent version of OpenSSH and getting
privilege separation shipped for -STABLE.  On the other hand, we're
clearly happy that the shipped version is not vulnerable to this
particular vulnerability.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

On Wed, 26 Jun 2002, Robert Watson wrote:

> Yeah, I believe the version of OpenSSH shipped in -STABLE and past
> releases is not vulnerable, but we'll need to sit down and check
> carefully.  People running -CURRENT (what few there are) should slide
> their trees forward, however. 
> 
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Network Associates Laboratories
> 
> On Wed, 26 Jun 2002, Benjamin Krueger wrote:
> 
> > 
> > http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584
> > 
> > Regards,
> > 
> > -- 
> > Benjamin Krueger
> > 
> > "Life is far too important a thing ever to talk seriously about."
> > - Oscar Wilde (1854 - 1900)
> > ----------------------------------------------------------------
> > Send mail w/ subject 'send public key' or query for (0x251A4B18)
> > Fingerprint = A642 F299 C1C1 C828 F186  A851 CFF0 7711 251A 4B18
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> > 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message