Subject: Re: unix worm via ssh1
To: Jeremy C. Reed <reed@reedmedia.net>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-security
Date: 11/16/2001 22:19:54

On Fri, Nov 16, 2001 at 10:39:22AM -0800, Jeremy C. Reed wrote:
> I believe this is the same ssh exploit documented recently in bugtraq. If
> I understand correctly, this was also fixed last February. See:
> 
> ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-003.txt.asc
> 
> http://staff.washington.edu/dittrich/misc/ssh-analysis.txt
> 
> So recent NetBSD's don't have this problem.
> 
> I noticed that the ftp server didn't have an updated binary package for
> ssh for 1.4.2 i386. Does anyone have it?

As ssh1 is a standalone package it should be possible to put one on the ftp
server. I can build one for i386, m68k and sparc if someone is interested.
But are we allowed to distribute binary packages of ssh1?

I don't think proposing openssh packages for 1.4.x is doable because of the
dependencies.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--