At this time I believe it's just a patch to the openBSD source for ssh..
theres nothing in portable.


On Tue, 16 Sep 2003, admin@datazap.net wrote:

>Date: Tue, 16 Sep 2003 13:50:27 -0400 (EDT)
>From: "admin@datazap.net" <admin@datazap.net>
>To: Alan Horn <ahorn@deorth.org>
>Cc: Mark <mindfunk@mindfunk.net>, netbsd-help@netbsd.org
>Subject: Re: SSH vuln
>
>Hi,
>
>Is this fix in the packaging system yet, and if it is when was it put in?
>
>Thanks,
>Al
>
>
>
>
>On Tue, 16 Sep 2003, Alan Horn wrote:
>
>> Date: Tue, 16 Sep 2003 10:30:52 -0700 (PDT)
>> From: Alan Horn <ahorn@deorth.org>
>> To: Mark <mindfunk@mindfunk.net>
>> Cc: netbsd-help@netbsd.org
>> Subject: Re: SSH vuln
>>
>>
>> there is an OpenSSH advisory along with a patch to buffer.c describing the
>> vulnerability.
>>
>> http://www.openssh.com/txt/buffer.adv
>>
>>
>> On Tue, 16 Sep 2003, Mark wrote:
>>
>> >Date: Tue, 16 Sep 2003 04:52:11 -0500 (CDT)
>> >From: Mark <mindfunk@mindfunk.net>
>> >To: netbsd-help@netbsd.org
>> >Subject: SSH vuln
>> >
>> >
>> >Does anyone have any _credible_ info on the openssh vulnerability?
>> >Everything I've seen has been a "so-n-so said" kind of thing.
>> >
>> >namaste,
>> >Mark
>> >
>> >PS - An entry way to all the fuss is @
>> >http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172
>> >
>> >
>>
>>
>
>