--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Feb 14, 2001 at 01:45:50PM +0900, itojun@iijlab.net wrote:
>=20
> >> Modified Files:
> >> 	doc: 3RDPARTY
> >>=20
> >> Log Message:
> >> update openssh import date
> >Thanks for updating -current's ssh. I wonder what the best way is to get
> >the updates on my box running 1.5? do we have a pkg?
>=20
> 	i'm working with security-officer to clarify this in an advisory.
> 	there are other issues which holds me from pulling the changes up to
> 	1.5 - i try to decide about it shortly.
>=20
> 	in short, for 1.5: ssh shipped in /usr/bin/ssh should be good enough.
> 	the version number indicates that it is 2.2.0, but it has the most
> 	critical fix described in
> 	http://razor.bindview.com/publish/advisories/adv_ssh1crc.html.

In short: our ssh and ssh6 packages wer vulnerable; I've fixed them, and
I've sent security officer my summary of my findings.

Regards,
	Ignatios

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQEVAgUBOopvbzCn4om+4LhpAQG41Af+JR2+Wm/I9q80esL1Ab2zBYoFfjw6MPCY
dL/J7RCIxP1RvEO18uBNLj5PeG74/kwkjiyBCxEtwF0gbXwM4OigIBXRr1ft+FZi
WEj3K2ZKb5oud1YwTXXapqLD3WQN+/iMFyCtVy7hndldrq7ZqNa6DLwMvS9vy6+M
WOjFTz6qK9fBplhbz59k866eECzrP8Y7Ot3nfK6yd3wW74tOzVkLuz3m8ChPfXrU
CeTa8f8UJ6oQsL13k1B0mbFL3ia86FNedT85S3kB26HD5mtC6gnV8V+IfuJPdMuk
fWqrnvL43PejHNnzS1FsLf6qB7EbE7ZsjtNFu+dyJ6K9j/hpzBcm2A==
=M4xJ
-----END PGP SIGNATURE-----

--9jxsPFA5p3P2qPhR--