Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Theo de Raadt <email@example.com>
From: Sean Davis <firstname.lastname@example.org>
Date: 06/24/2002 20:45:10
I don't really care about a bug description. But I do feel that having a fix
and not releasing it is a little irresponsible. It doesn't seem to me like too
much to ask that the authors provide fixes to their software.
On Mon, Jun 24, 2002 at 06:40:15PM -0600, Theo de Raadt wrote:
> How many of you want me to send them the exact bug description right
> And you won't tell anyone, right? Just our own little secret. We can
> be so 31337!
> > Sure, as long as I'm not vulnerable to this new bug (which it is
> > irresponsible of them not to give details of, but anyway) I don't really
> > care what version I have. I was just wondering, because I thought I saw 3.3
> > get committed the other day.
> > On Mon, Jun 24, 2002 at 08:31:13PM -0400, Perry E. Metzger wrote:
> > >
> > > email@example.com writes:
> > > > >Shouldn't we have 3.3 in basesrc/crypto/dist/ssh now? I know I saw commits
> > > > >yesterday (or perhaps the day before) saying it was updated to 3.3, but
> > > > >after a CVS update just now, I still get 3.2.1. I updated crypto/dist/ssh
> > > > >and usr.bin/ssh, and see no differences. Am I doing something wrong?
> > > >
> > > > are you on 1.6 branch? 1.6 branch has 3.2.1 with privilege separation
> > > > on by default.
> > >
> > > Is 3.2.1 with priv sep. sufficient?
> > >
> > > --
> > > Perry E. Metzger firstname.lastname@example.org
> > > --
> > > NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
> > --
> > /~\ The ASCII Sean Davis
> > \ / Ribbon Campaign aka dive
> > X Against HTML
> > / \ Email! http://endersgame.net/~dive/
/~\ The ASCII Sean Davis
\ / Ribbon Campaign aka dive
X Against HTML
/ \ Email! http://endersgame.net/~dive/