Date: Mon, 24 Jun 2002 17:27:11 -0600 From: Theo de Raadt <deraadt@cvs.openbsd.org> To: nectar@FreeBSD.ORG Cc: freebsd-security@FreeBSD.ORG Subject: Hogwash Message-ID: <200206242327.g5ONRBLI012690@cvs.openbsd.org>
next in thread | raw e-mail | index | archive | help
> Nobody is `in' on the bug. The OpenSSH team has given details to no > one so far, so we are assured to be blindsided. I'm afraid security > contacts with various projects and vendors know no more than what was > said in the bugtraq posting. Bullshit. You have been told to move up to privsep so that you are immunized by the time the bug is released. If you fail to immunize your users, then the best you can do is tell them to disable OpenSSH until 3.4 is out early next week with the bugfix in it. Of course, then the bug will be public. I am not nearly naive enough to believe that we can release a patch for this issue to any vendor, and have it not leak immediately. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206242327.g5ONRBLI012690>