tech-pkg: Re: openssh and 1.5.4_ALPHA openssl version

Subject: Re: openssh and 1.5.4_ALPHA openssl version
To: Frederick Bruckman <fredb@immanent.net>
From: David Brownlee <abs@netbsd.org>
List: tech-pkg
Date: 08/20/2002 12:00:36

On Tue, 20 Aug 2002, Frederick Bruckman wrote:

> On Tue, 20 Aug 2002, David Brownlee wrote:
>
> > 	Is UPDATE_INTREE_OPENSSH still supposed to work with 1.5.x?
> >
> > /pkgsrc/security/openssh)65# make UPDATE_INTREE_OPENSSH=1
> > ===> OpenSSL>=0.9.5a in the base distribution is required.
> > /pkgsrc/security/openssh)66# openssl version
> > OpenSSL 0.9.5a 1 Apr 2000
>
> I guess not. The base openssl in 1.5.4_ALPHA seems to be vulnerable to
> the DoS fixed in openssl-0.9.6f.

	At the very least the IGNORE message should be updated to reflect
	that... :/

-- 
		David/absolute          -- www.netbsd.org: No hype required --