Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Sean Davis <email@example.com>
From: Theo de Raadt <firstname.lastname@example.org>
Date: 06/24/2002 18:40:15
How many of you want me to send them the exact bug description right
And you won't tell anyone, right? Just our own little secret. We can
be so 31337!
> Sure, as long as I'm not vulnerable to this new bug (which it is
> irresponsible of them not to give details of, but anyway) I don't really
> care what version I have. I was just wondering, because I thought I saw 3.3
> get committed the other day.
> On Mon, Jun 24, 2002 at 08:31:13PM -0400, Perry E. Metzger wrote:
> > email@example.com writes:
> > > >Shouldn't we have 3.3 in basesrc/crypto/dist/ssh now? I know I saw commits
> > > >yesterday (or perhaps the day before) saying it was updated to 3.3, but
> > > >after a CVS update just now, I still get 3.2.1. I updated crypto/dist/ssh
> > > >and usr.bin/ssh, and see no differences. Am I doing something wrong?
> > >
> > > are you on 1.6 branch? 1.6 branch has 3.2.1 with privilege separation
> > > on by default.
> > Is 3.2.1 with priv sep. sufficient?
> > --
> > Perry E. Metzger firstname.lastname@example.org
> > --
> > NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
> /~\ The ASCII Sean Davis
> \ / Ribbon Campaign aka dive
> X Against HTML
> / \ Email! http://endersgame.net/~dive/