Greetz,

I've been trying to get a guage for where I stand with the software 
versions of a couple of packages I've got for my new 1.6.2 install.

I installed from the 1.6.2-bin ISO.  The builtin sshd shows as follows:

  $ scanssh 127.0.0.1
  127.0.0.1 SSH-1.99-OpenSSH_3.4 NetBSD_Secure_Shell-20030917

Is it true that the version that comes with 1.6.2 is 3.4? If so, what is 
the recommended update path to get to the current openssh release? Is 
one required, or is the version listed simply 3.4p with needed patches 
applied? Am I wrong to expect a current version number to reflect a 
current patch application?

Another one is openssl:

  $ openssl version
  OpenSSL 0.9.6g 9 Aug 2002

I installed the binary package "openssl-0.9.6l" to add openssl to my 
system. I see that NetBSD-SA2004-003 describes the ASN.1 issue and 
mentions that 0.9.6l package resolves the vulnerability. How does that 
tie in with the displayed release date of 9 Aug 2002? Simply patched 
source..?

TIA,

DS