tech-pkg: Re: openssh and 1.5.4_ALPHA openssl version

Subject: Re: openssh and 1.5.4_ALPHA openssl version
To: David Brownlee <abs@formula1.com>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-pkg
Date: 08/20/2002 05:30:48

On Tue, 20 Aug 2002, David Brownlee wrote:

> 	Is UPDATE_INTREE_OPENSSH still supposed to work with 1.5.x?
>
> /pkgsrc/security/openssh)65# make UPDATE_INTREE_OPENSSH=1
> ===> OpenSSL>=0.9.5a in the base distribution is required.
> /pkgsrc/security/openssh)66# openssl version
> OpenSSL 0.9.5a 1 Apr 2000

I guess not. The base openssl in 1.5.4_ALPHA seems to be vulnerable to
the DoS fixed in openssl-0.9.6f.

Frederick