Subject: Re: applying NetBSD Security Advisory 2001-010
To: Sam Carleton <email@example.com>
From: None <firstname.lastname@example.org>
Date: 07/25/2001 12:42:53
Sam Carleton wrote:
> I have a basic install of NetBSD 1.5. And I use ssh as my main form of
> access to the box so this is an important update for me. The
> instructions talk about using the program cvs. I do NOT have cvs on my
> machine. Is this part of the whole package setup, which I also don't
> have install? Or is it something else?
You can find the cvs package in /usr/pkgsrc/devel/cvs
But you can also update your source with the "sup" program.
Which is what most people use to update their src.
>I am under the impressiont that
> this security advisory is informing us that there is a new version of
> ssh, is that true? If there is a new version of ssh, would it not be
> easier for me to simply download the new version, compile it and
Its NOT a new version, just a bug fix for the current version.
Version: NetBSD-current: /usr/sbin/sshd from source before June
NetBSD 1.5: affected
pkgsrc: openssh packages prior to 2.9p2 (2.9p2
rottz at securityflaw dot com
Founder of Securityflaw