Date: Mon, 4 Aug 2003 16:32:03 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Troels Holm <th@cogito.dk> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath Message-ID: <20030804213203.GE10339@madman.celabo.org> In-Reply-To: <009d01c35acd$c9585230$0201a8c0@THXP> References: <20030804210649.GC10339@madman.celabo.org> <009d01c35acd$c9585230$0201a8c0@THXP>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 04, 2003 at 11:17:18PM +0200, Troels Holm wrote: > Jacques A. Vidrine wrote: > >> Does the openssh file need to be patched too? > > > > No, it is not used. > > But it states in the advisory that "sftp-server" is negatively > impacted....And its a part of OpenSSH. > Or did I get you wrong? The realpath.c that is distributed with OpenSSH-portable and found in our CVS tree as /usr/src/crypto/openssh/openbsd-compat/realpath.c is not used. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030804213203.GE10339>