Date: Thu, 04 Jul 2002 10:59:16 -0700 (PDT) From: Mark Hartley <mark@work.drapple.com> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: stable at FreeBSD <freebsd-stable@FreeBSD.ORG>, Christopher Schulte <schulte+freebsd@nospam.schulte.org> Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1 Message-ID: <XFMail.020704105916.mark@work.drapple.com> In-Reply-To: <20020704123016.A89510@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04-Jul-02 D J Hawkey Jr wrote: > On Jul 04, at 12:18 PM, Christopher Schulte wrote: >> >> At 11:59 AM 7/4/2002 -0500, D J Hawkey Jr wrote: >> >Once the dust has settled, will the recent changes in 4.6-STABLE be MFC'd >> >to 4.6-RELEASE: >> > >> > - OpenSSH 3.4p1 >> >> I don't think so. >> >> >At this time, OpenSSH 3.4 will not be merged into the security >> >branches. They are currently not vulnerable, and major upgrades are >> >outside the scope of the security branches, particularly when such >> >upgrades are practically guaranteed to break existing installations. > > But, but... But 4.6-RELEASE is vulnerable, as I understand it, and OpenSSH > has to be considered within scope, no? > The OpenSSH in 4.6-RELEASE is NOT vulnerable to the recent ssh hole. This has been stated several times (though maybe not on the -stable list). See this link for more details: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=468648+0+current/freebsd-security Mark. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.020704105916.mark>