From owner-freebsd-questions Thu Oct 26 11:21:20 2000 Delivered-To: freebsd-questions@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id E0A2A37B4C5; Thu, 26 Oct 2000 11:21:16 -0700 (PDT) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9QIME770506; Thu, 26 Oct 2000 11:22:14 -0700 (PDT) (envelope-from kris) Date: Thu, 26 Oct 2000 11:22:14 -0700 From: Kris Kennaway To: Zvezdelin Vladov Cc: security-officer@FreeBSD.org, freebsd-questions@FreeBSD.org, freebsd-stable@FreeBSD.org Subject: Re: OpenSSH 2.1.x printf-style format string bugs! Message-ID: <20001026112214.A70478@citusc17.usc.edu> References: <20001026125049.29375.qmail@web805.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001026125049.29375.qmail@web805.mail.yahoo.com>; from zvezdi_v@yahoo.com on Thu, Oct 26, 2000 at 05:50:49AM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Oct 26, 2000 at 05:50:49AM -0700, Zvezdelin Vladov wrote: > Dear Sirs, > Excuse me if I am wrong, > but on the RELENG_4 tag, > the openssh port seems to be the > old version, and as far as I can > see,( on the > http://www.freebsd.org/cgi/cvsweb.cgi/src/ > RELENG_4 tag) > And there are *some* security problems with it: Actually these aren't exploitable problems, as far as I could tell. I've been meaning to bring 2.2.0 into -stable but have been too busy. Thanks for the reminder - I'll do it this weekend. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message