Subject: Re: Fwd: OpenSSH UseLogin proof of concept exploit
To: Jonathan R. Hinds <jon@fork.yi.org>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: netbsd-users
Date: 12/06/2001 04:07:02

hi,

On Wed, Dec 05, 2001 at 06:55:20PM -0800, Jonathan R. Hinds wrote:
> I am fairly sure this has been fixed as of OpenSSH 3.0.2p1 -- released
> December 2nd.

that could be true. i do not argue. but there is nothing at OpenSSH's website
about this vulnerability (http://www.openssh.com/security.html), there was no
security advisory sent to tech-security@netbsd.org. and afaik, i haven't seen
this anywhere except today's post to vuln-dev (nothing in bugtraq, ..).

you are right, there is mail about this sent to openssh-unix-dev:

 http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2

thank you for pointing this out.

though i still think there should be a NetBSD security advisory released and
appropriate patches made. not every user of NetBSD is subscribed there and
someone could have UseLogin allowed for various reasons.

regards,

-- 
-- Lubomir Sedlacik <salo@Xtrmntr.org>   ASCII Ribbon campaign against  /"\ --
--                  <salo@silcnet.org>   e-mail in gratuitous HTML and  \ / --
--                                       Microsoft proprietary formats   X  --
-- PGPkey: http://Xtrmntr.org/salo.pgp                                  / \ --
-- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF  716E 59CE B70B 7E3B 70E2      --
