From: Craig Boston
To: Ruben de Groot
cc: stable@freebsd.org
Date: Tue, 16 Sep 2003 14:16:17 -0500
Subject: Re: Release Engineering Status Report

On Tuesday 16 September 2003 12:14 pm, Ruben de Groot wrote:
> Fortunately, there's already a patch in the source tree:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h

Yes, fortunately the patch is there. I noticed however that in the version committed to the RELENG_4_8 branch, RCSID wasn't changed, so it's not possible to use ident to tell if your libssh needs to be patched or not (both old and new say 1.16)...

Was that an oversight or should I be using some other method to determine if I'm running a vulnerable version or not? I also noticed the same thing with openssh-portable out of ports.

Thanks,
Craig