On Feb 9, 2001, Christian Hammers wrote:
> The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb

What worries me is, the version of ssh on my machine is listed as:

    ii ssh 2.1.1p4-2 Secure rlogin/rsh/rcp replacement (OpenSSH)

which doesn't correspond to either the 2.3.0p1-1.11 package in unstable or the 1.2.3-9.1 package in stable and testing -- or, for that matter, to the 1.2.3-9 version that (IIRC) was listed as the vulnerable version in the alert.

And even with security.debian.org in my sources.list, 'apt-get update; apt-get install ssh' insists that I have the latest version.

Am I vulnerable? If so, what do I need to upgrade to, and how?

-sbigham