Date: Wed, 26 Jun 2002 12:54:23 -0600 From: Theo de Raadt <deraadt@cvs.openbsd.org> To: Travis Cole <kelp@plek.org> Cc: freebsd-security@freebsd.org Subject: Re: Wow Message-ID: <200206261854.g5QIsNLI015235@cvs.openbsd.org> In-Reply-To: Your message of "Wed, 26 Jun 2002 14:51:27 EDT." <20020626185126.GB35484@ainaz.pair.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, Jun 26, 2002 at 11:41:03AM -0600, Theo de Raadt wrote: > > Man, you guys sure do talk shit a lot. But anyways, that is hardly > > surprising or news. > > > > I do have a question though. > > > > Did any of you get broken in via this hole yet? > > Nope. Just wasted a good part of yesterday upgrading 60 boxes > from a non-vulnerable version of OpenSSH to a version with a now > known remote exploit. > > I think the PR for this issue could have been a bit better... We also did 5600 lines of further security auditing work over the last week. We're fairly convinced that some of the things we changed are relevant as well. ie. more holes. And that is commited in 3.4 By all means. Please continue running what you have. Don't upgrade to 3.4. And please turn privsep off. Or, please, use someone else's software. Please. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206261854.g5QIsNLI015235>