Subject: Re: [PINE-CERT-20020301] OpenSSH off-by-one
To: Steven M. Bellovin <firstname.lastname@example.org>
From: Brian A. Seklecki <email@example.com>
Date: 03/07/2002 13:23:21
On Thu, 7 Mar 2002, Steven M. Bellovin wrote:
> In message <20020307173813.GD10657@netmeister.org>, Jan Schaumann writes:
> >It appears, NetBSD's ssh is affected by this
> Right -- I was about to post that, too.
> The problem is that openssh 3.1 will not compile with the version
> of openssl in 1.5.2. Is it safe to install the pkgsrc version on such
> systems? Will it override properly in the build process? I think I'm
> going to just apply the one-line patch for now, but that may not be
> feasible for the next hole.
It just got committed (I imagine the 1-5 branch will be brought up, too).
I imagine this warrants a security advisory?
Date: Thu, 7 Mar 2002 18:02:24 +0200 (EET)
From: Matthias Scheler <firstname.lastname@example.org>
Subject: CVS commit: basesrc/crypto/dist/ssh
Module Name: basesrc
Committed By: tron
Date: Thu Mar 7 16:02:23 UTC 2002
Fix off by one error described in "PINE-CERT-20020301" advisory.
To generate a diff of this commit:
cvs rdiff -r1.17 -r1.18 basesrc/crypto/dist/ssh/channels.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
> --Steve Bellovin, http://www.research.att.com/~smb
> Full text of "Firewalls" book now at http://www.wilyhacker.com
"There are only two things infinite: The universe, and human stupidity. And I'm not too sure about the first one." -Albert Einstein