Date: Fri, 19 Sep 2003 15:46:56 +0200 From: "Devon H. O'Dell" <dodell@sitetronics.com> To: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security AdvisoryFreeBSD-SA-03:12.openssh [REVISED] Message-ID: <3F6B08D0.7080506@sitetronics.com> In-Reply-To: <20030919132433.GA66315@nevermind.kiev.ua> References: <200309172237.h8HMbuvK078935@freefall.freebsd.org> <20030918100907.GA85007@bender.kerna.ie> <20030918145005.GB32994@madman.celabo.org> <20030919131636.GB63736@nevermind.kiev.ua> <3F6B02D2.2030609@sitetronics.com> <20030919132433.GA66315@nevermind.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexandr Kovalenko wrote: >Hello, Devon H. O'Dell! > >On Fri, Sep 19, 2003 at 03:21:22PM +0200, you wrote: > > > >>Alexandr Kovalenko wrote: >> >> >> >>>[snip] >>> >>>I've used cvsup to update my sources but I see the same picture in >>>RELENG_4_7. >>> >>> >>> >>> >>As did I using RELENG_5_1 -- the version remains at 3.6.1p1. >> >> > >Not version, but timestamp! > > Umm... yeah, that was my implication. Sorry for the poor wording. My version string (generated by ssh -V or sshd --help) remains unchanged. The source is patched/updated and should by all means be invulnerable to that attack. I did not notice version.h or other related files being checked out in my cvsup. --Devon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F6B08D0.7080506>