On Wed, 2002-06-26 at 18:14, José Luis Gómez Dans wrote: > There were a few Debian security advisories going round in the > last couple of days, mostly saying that there were no details > available, but that such-and-such version was safe. No, Debian don't have a fixed version yet: nomad:~# apt-cache show ssh | grep Version: Version: 1:3.3p1-0.0woody4 Version: 1:3.3p1-0.0woody1 Version: 1:3.0.2p1-9 3.0.2 is testing, 3.3 is woody-updates. Only 3.4 contains a fix, although it's not clear whether the Debian versions are actually vulnerable - I've heard that turning s/key off at compile time makes you non-vulnerable. And, of course, turning off ChallengeResponseWotsit. > Was there ever a CERT advisory for this? NAFAIK :( Cheers, Alex.
Attachment:
signature.asc
Description: This is a digitally signed message part