tech-pkg: Re: OpenSSH Priv Sep and Remote Exploit?

Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Mark E. Perkins <perkinsm@bway.net>
From: ali \(Anders Lindgren\) <dat94ali@ludat.lth.se>
List: tech-pkg
Date: 06/26/2002 16:26:39

On Wed, 26 Jun 2002, Mark E. Perkins wrote:

> I have some comments/questions on this....
> 
> 1) I'm running NetBSD 1.5 and recently updated ssh via pkgsrc to 3.2.3p1. I
> updated my pkgsrc tree last night (pkgsrc.tar.gz date of 22 June), but
> pkgsrc/security/openssh/Makefile still shows the version I installed (i.e.,
> rev 1.72 and openssh-3.2.3p1). Did I somehow manage to pull the wrong
> pkgsrc tree (mine came from /pub/NetBSD/NetBSD-current/tar_files)? If not,
> when can we expect to see 3.3.0.1 in pkgsrc?

I updated my pkgsrc with cvs about midnight last night
(around 0:04 CEST June 26) and just compiled openssh which was indeed
3.3.0.1 (pkg name) / 3.3p1 (distname).

However, a new, fixed openssh will be release on monday I hear, so
one might as well wait until monday and get the official fix.

-- 
/ali
:wq