Date: Mon, 15 Jul 2002 23:10:51 +0200 From: Cedric Ware <cedric.ware@enst.fr> To: Gregory Kuhn <admin@manicmoment.net> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH Message-ID: <20020715211051.GA10578@enst.fr> In-Reply-To: <5.1.0.14.2.20020715145432.00a54790@mail.interfold.com> References: <5.1.0.14.2.20020715145432.00a54790@mail.interfold.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, > Out of curiosity why hasn't OpenSSH 3.4 been included with the > latest stable version? Because -STABLE is reputed not to be vulnerable to the latest hole, see: http://online.securityfocus.com/archive/1/282331/2002-07-12/2002-07-18/0 Section III (although I still wonder - Challenge/Response is definitely OK but noone speaks about Keyboard/Interactive which affects OpenSSH 2.9...) Furthermore, it has been integrated in 4.6-STABLE, and a point-release 4.6.1 is in preparation. Hope this helps, Cedric Ware. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020715211051.GA10578>