On the distinguished day of Sep 16, Alan Horn wrote:

> On Tue, 16 Sep 2003, Mark wrote:
>
> >Date: Tue, 16 Sep 2003 04:52:11 -0500 (CDT)
> >From: Mark <mindfunk@mindfunk.net>
> >To: netbsd-help@netbsd.org
> >Subject: SSH vuln
> >
> >
> >Does anyone have any _credible_ info on the openssh vulnerability?
> >Everything I've seen has been a "so-n-so said" kind of thing.
...
> there is an OpenSSH advisory along with a patch to buffer.c describing
> the vulnerability.
>
> http://www.openssh.com/txt/buffer.adv

Okay, so I've been watching this with the few spare cycles I've had today,
firstly disabling sshd and secondly waiting for the security advisory.
Since I haven't seen it yet, and would like to patch and reenable sshd as
soon as possible, I'd like a quick 2-liner HOWTO... what do I need to do to
be sure I've got the right patched sshd built?  I'm running 1.6.1_STABLE.

Basically, is it: cvs up -d in crypto/dist/ssh and make install?

thanks,
-bp
--