On Tue, 4 Dec 2001, Manuel Bouyer wrote:

> On Tue, Dec 04, 2001 at 11:05:14AM -0800, Paul Hoffman wrote:
> > I don't think the new version is in the 1.5.2 sources have the newest
> > version, which came out in the last few days.
>
> No, if it's a security issue which has not yet been published, then 1.5.2
> doesn't have the fix.
> BTW, it doens't need to be the last version to have the bugs fixed:
> the ssh1 package is still 1.2.27 but isn't vulnerable to the crc32
> exploit since february :)

So what's the "remote-root-shell" mentioned in
".../pkgsrc/distfiles/vulnerabilities" all about?

Frederick