ssh plaintext recovery SA

To: security-officer%NetBSD.org@localhost, tech-security%NetBSD.org@localhost
Subject: ssh plaintext recovery SA
From: Taylor R Campbell <campbell%mumble.net@localhost>
Date: Sat, 29 Aug 2009 18:36:56 -0400

The instructions for working around NetBSD-SA2009-005 by upgrading SSH
suggest that it suffices to run `make dependall' and `make install' in
usr.bin/ssh after updating crypto/dist/ssh.  When the advisory was
released last month, I replied asking how this would work: the updated
files were cipher.c, cipher.h, and packet.c in crypto/dist/ssh, which
contribute only to libssh, not to the ssh-related executables, so I
don't think that building new ssh executables by making in usr.bin/ssh
will cause any change; one must build a new libssh instead.

But don't think I received any answer to my message.  Was this
overlooked, or am I missing something?  (Or did an answer get buried
in my inbox or spam box?)

Prev by Date: Re: sshd_config and pam...
Next by Date: Partnership with netbsd.org
Previous by Thread: sshd_config and pam...
Next by Thread: Partnership with netbsd.org
Indexes:

Home | Main Index | Thread Index | Old Index