Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 14 Apr 2014 01:38:40 +0300
From:      Todor Todorov <todorov@paladin.bulgarpress.com>
To:        freebsd-security@freebsd.org
Subject:   De Raadt + FBSD + OpenSSH + hole?
Message-ID:  <534B11F0.9040400@paladin.bulgarpress.com>

next in thread | raw e-mail | index | archive | help
Hi everyone,
I came across this :

https://groups.google.com/forum/#!topic/mailing.openbsd.tech/xALfxxR3oKo

" You are welcome.  Stuart Henderson wrote the draft, but he forgot that 
part, and Damien Miller and I realized it was needed.  We sensed there 
might be some ambiguity...  we'll take care the next time an 
OpenOffice problem also. 

... as long as you aren't using FreeBSD or a derivative (hint: Jupiper), 
you are fine.  That's the only place I know of an OpenSSH hole. 

Oh now I sense some angst.  Please ask Kirk McKusick, he knows the 
story about why this is not being disclosed to FreeBSD.  Sometimes I 
feel a bit sorry for them (and for him), but then the next minute I 
don't feel sorry because there's damn good reasons they won't be 
told about what I found. 

Does that answer help?  Hope so."

Any guidance here?



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?534B11F0.9040400>