Subject: Re: [PINE-CERT-20020301] OpenSSH off-by-one
To: Jan Schaumann <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 03/07/2002 12:52:52
In message <20020307173813.GD10657@netmeister.org>, Jan Schaumann writes:
>Content-Type: text/plain; charset=us-ascii
>It appears, NetBSD's ssh is affected by this
Right -- I was about to post that, too.
The problem is that openssh 3.1 will not compile with the version
of openssl in 1.5.2. Is it safe to install the pkgsrc version on such
systems? Will it override properly in the build process? I think I'm
going to just apply the one-line patch for now, but that may not be
feasible for the next hole.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com