Date: Thu, 4 Jul 2002 12:56:08 -0500 From: D J Hawkey Jr <hawkeyd@visi.com> To: Thomas Quinot <thomas@cuivre.fr.eu.org> Cc: stable at FreeBSD <freebsd-stable@freebsd.org> Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1 Message-ID: <20020704125608.A89587@sheol.localdomain> In-Reply-To: <20020704194927.A71508@melusine.cuivre.fr.eu.org>; from thomas@cuivre.fr.eu.org on Thu, Jul 04, 2002 at 07:49:27PM %2B0200 References: <20020704115910.A89342@sheol.localdomain> <5.1.1.6.2.20020704120834.0412d678@pop3s.schulte.org> <20020704123016.A89510@sheol.localdomain> <20020704194927.A71508@melusine.cuivre.fr.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 04, at 07:49 PM, Thomas Quinot wrote:
>
> Le 2002-07-04, D J Hawkey Jr écrivait :
>
> > But, but... But 4.6-RELEASE is vulnerable, as I understand it
>
> No, this is incorrect. The version of OpenSSH in 4.6-REL is 2.9,
> which is not affected by the ChallengeResponseAuthentication
> vulnerability.
Ah. All righty, then. Thanks for the clarification.
But what about the ATAPI fixes, and maybe even the builtin 'test' fix
(once it's been MFC'd into -STABLE, of course).
> Thomas.
One down, one to go!
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd@visi.com /\________________/
http://www.visi.com/~hawkeyd/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020704125608.A89587>