From owner-freebsd-security Wed Jun 26 13:21:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.seattleFenix.net (sense-sea-MegaSub-1-501.oz.net [216.39.145.247]) by hub.freebsd.org (Postfix) with ESMTP id 6831137BFE6 for ; Wed, 26 Jun 2002 12:16:54 -0700 (PDT) Received: (from roo@localhost) by mail.seattleFenix.net (8.11.6/8.11.6) id g5QJHsO09281; Wed, 26 Jun 2002 12:17:54 -0700 (PDT) (envelope-from roo) Date: Wed, 26 Jun 2002 12:17:54 -0700 From: Benjamin Krueger To: Theo de Raadt Cc: Travis Cole , freebsd-security@freebsd.org Subject: Re: Wow Message-ID: <20020626121754.F8071@mail.seattleFenix.net> References: <20020626185126.GB35484@ainaz.pair.com> <200206261854.g5QIsNLI015235@cvs.openbsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200206261854.g5QIsNLI015235@cvs.openbsd.org>; from deraadt@cvs.openbsd.org on Wed, Jun 26, 2002 at 12:54:23PM -0600 X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Theo de Raadt (deraadt@cvs.openbsd.org) [020626 12:02]: > > On Wed, Jun 26, 2002 at 11:41:03AM -0600, Theo de Raadt wrote: > > > Man, you guys sure do talk shit a lot. But anyways, that is hardly > > > surprising or news. > > > > > > I do have a question though. > > > > > > Did any of you get broken in via this hole yet? > > > > Nope. Just wasted a good part of yesterday upgrading 60 boxes > > from a non-vulnerable version of OpenSSH to a version with a now > > known remote exploit. > > > > I think the PR for this issue could have been a bit better... > > We also did 5600 lines of further security auditing work over the last > week. We're fairly convinced that some of the things we changed are > relevant as well. ie. more holes. > > And that is commited in 3.4 Theo, When will we see an advisory and/or patches for older versions regarding the other holes that you have uncovered? Regards, -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message