Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Perry E. Metzger <email@example.com>
From: Sean Davis <firstname.lastname@example.org>
Date: 06/24/2002 20:37:17
Sure, as long as I'm not vulnerable to this new bug (which it is
irresponsible of them not to give details of, but anyway) I don't really
care what version I have. I was just wondering, because I thought I saw 3.3
get committed the other day.
On Mon, Jun 24, 2002 at 08:31:13PM -0400, Perry E. Metzger wrote:
> email@example.com writes:
> > >Shouldn't we have 3.3 in basesrc/crypto/dist/ssh now? I know I saw commits
> > >yesterday (or perhaps the day before) saying it was updated to 3.3, but
> > >after a CVS update just now, I still get 3.2.1. I updated crypto/dist/ssh
> > >and usr.bin/ssh, and see no differences. Am I doing something wrong?
> > are you on 1.6 branch? 1.6 branch has 3.2.1 with privilege separation
> > on by default.
> Is 3.2.1 with priv sep. sufficient?
> Perry E. Metzger firstname.lastname@example.org
> NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
/~\ The ASCII Sean Davis
\ / Ribbon Campaign aka dive
X Against HTML
/ \ Email! http://endersgame.net/~dive/