Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Mark E. Perkins <email@example.com>
From: ali \(Anders Lindgren\) <firstname.lastname@example.org>
Date: 06/26/2002 16:26:39
On Wed, 26 Jun 2002, Mark E. Perkins wrote:
> I have some comments/questions on this....
> 1) I'm running NetBSD 1.5 and recently updated ssh via pkgsrc to 3.2.3p1. I
> updated my pkgsrc tree last night (pkgsrc.tar.gz date of 22 June), but
> pkgsrc/security/openssh/Makefile still shows the version I installed (i.e.,
> rev 1.72 and openssh-3.2.3p1). Did I somehow manage to pull the wrong
> pkgsrc tree (mine came from /pub/NetBSD/NetBSD-current/tar_files)? If not,
> when can we expect to see 220.127.116.11 in pkgsrc?
I updated my pkgsrc with cvs about midnight last night
(around 0:04 CEST June 26) and just compiled openssh which was indeed
18.104.22.168 (pkg name) / 3.3p1 (distname).
However, a new, fixed openssh will be release on monday I hear, so
one might as well wait until monday and get the official fix.