You could just recompile it yourself. I don't even use any of the Debian SSH packages anymore, they are mostly out-of-date anyway. The current SSH2 in woody is 2.0.13, for example. I just download the source and compile it myself for those kind of things.
There's another good point to that: Anything that intimitely connected with your system security should be done by hand anyway. Actually, if someone wants to give me a hint on how to use the dpkg tool to build things (never done it before!) and how to upload the compiled versions, I'd re-contribute the packages. Aaron On Thu, 22 Feb 2001, Micah Anderson wrote: > We are currently running woody on a production machine (yes, I am not that > happy about that decision). Woody does not get potato's security updates, > and does not get new unstable security fixes in a timely fashion. This > leaves woody vulnerable to certain kinds of problems, particularly > distressing right now is the ssh security issue that is out there, which > woody does not have a fix for. Potato has a fix at > http://www.debian.org/security/2001/dsa-027 > > So how do we fix this on a woody machine? > > There are a few things that can be done, none of them very great. There is > the possibility of putting the potato package on our machine, but are there > are dependancy issues or problems downgrading a package from woody to > potato? What about when a fix does finally come available for woody, will it > be an issue to bring the potato package up to that woody upgrade? There is > the possibility of enabling protocol2 only on our ssh installation, which > would make us safe, but is only an interim fix until an update comes > available for woody, this an issue for people who cannot connect via > protocol 2, and an annoyance/education effort for those who connect via > protocol 1. > > All of these aren't great. Unless I am wrong, currently there is no known > exploit for this hole, but that isn't that much of a reassurance either. > > Thanks, > Micah
