Date: Tue, 13 Feb 2001 19:33:48 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Igor Roshchin <str@giganda.komkon.org>
Cc: security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:24.ssh
Message-ID: <20010213193348.C61478@mollari.cthul.hu>
In-Reply-To: <200102140320.WAA59845@giganda.komkon.org>; from str@giganda.komkon.org on Tue, Feb 13, 2001 at 10:20:59PM -0500
References: <200102140320.WAA59845@giganda.komkon.org>

On Tue, Feb 13, 2001 at 10:20:59PM -0500, Igor Roshchin wrote:

> > OpenSSH is installed if you chose to install the 'crypto' distribution
> > at install-time or when compiling from source, and is installed and
> > enabled by default as of FreeBSD 4.1.1-RELEASE. By default SSH1
> > protocol support is enabled.
>
> Excuse me pointing to a similar point in the last few advisories,
> but, again, for some reason earlier releases 4.0 and 4.1 are forgotten.
> While the advisory includes those releases in the list
> of vulnerable systems, the paragraph quoted above tells that
> OpenSSH is installed as of FreeBSD 4.1.1-RELEASE.
> However, I see that 4.0-RELEASE had OpenSSH-1.2.2
> and it is, according to the quote below, vulnerable.

If you look at http://www.freebsd.org/security we only claim to provide
security support for the most recent version of FreeBSD (4.2-RELEASE)
and after. Historically this is all we've done, although recently we've
been doing some support for older versions as well (e.g. 4.1.1).

However it is very time-consuming to do this, and I just didn't have
time to generate and test patches for older releases this time around.
If someone submits patches for older releases we'll update the advisory.

Kris