On Tue, Dec 04, 2001 at 03:04:09PM -0500, Steven M. Bellovin wrote:
> In message <20011204205730.A481@antioche.eu.org>, Manuel Bouyer writes:
> >On Tue, Dec 04, 2001 at 11:05:14AM -0800, Paul Hoffman wrote:
> >> I don't think the new version is in the 1.5.2 sources have the newest 
> >> version, which came out in the last few days.
> >
> >No, if it's a security issue which has not yet been published, then 1.5.2
> >doesn't have the fix.
> >BTW, it doens't need to be the last version to have the bugs fixed:
> >the ssh1 package is still 1.2.27 but isn't vulnerable to the crc32
> >exploit since february :)
> 
> THere's a new bug out there...

Do you know if it is also relevant to ssh1.2.x ?
Any pointers to some bug report ?

--
Manuel Bouyer <bouyer@antioche.eu.org>
--