Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 Feb 2001 19:33:48 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Igor Roshchin <str@giganda.komkon.org>
Cc:        security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-01:24.ssh
Message-ID:  <20010213193348.C61478@mollari.cthul.hu>
In-Reply-To: <200102140320.WAA59845@giganda.komkon.org>; from str@giganda.komkon.org on Tue, Feb 13, 2001 at 10:20:59PM -0500
References:  <200102140320.WAA59845@giganda.komkon.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--lMM8JwqTlfDpEaS6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Feb 13, 2001 at 10:20:59PM -0500, Igor Roshchin wrote:

> > OpenSSH is installed if you chose to install the 'crypto' distribution
> > at install-time or when compiling from source, and is installed and
> > enabled by default as of FreeBSD 4.1.1-RELEASE.  By default SSH1
> > protocol support is enabled.
>=20
> Excuse me pointing to a similar point in the last few advisories,
> but , again, for some reason earlier releases 4.0 and 4.1 are forgotten.
> While the advisory includes those releases in the list
> of vulnerable systems, the paragraph quoted above tells that
> OpenSSH is install as of FreeBSD 4.1.1-RELEASE.
> However, I see that 4.0-RELEASE had OpenSSH-1.2.2
> and it is, according to the quote below is vulnerable.

If you look at http://www.freebsd.org/security we only claim to
provide security support for the most recent version of FreeBSD
(4.2-RELEASE) and after.  Historically this is all we've done,
although recently we've been doing some support for older versions as
well (e.g. 4.1.1).  However it is very time-consuming to do this, and
I just didn't have time to generate and test patches for older
releases this time around.

If someone submits patches for older releases we'll update the advisory.

Kris
--lMM8JwqTlfDpEaS6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6ifycWry0BWjoQKURAliuAKDI6r+VAY3s5aItN+bYfMYFbs8o7ACfYqEB
bwUj3+mN81XmIhvyQVZgk/Y=
=99DF
-----END PGP SIGNATURE-----

--lMM8JwqTlfDpEaS6--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010213193348.C61478>