Hi, I'm running woody but I have security.debian.org stable in my apt sources.list file:
deb http://ftp.debian.org/debian woody main contrib non-free deb http://non-us.debian.org woody/non-US main contrib non-free deb http://security.debian.org stable/updates main contrib non-free deb http://spidermonkey.helixcode.com/distributions/debian woody main As a result "dpkg -s ssh" yields: Package: ssh Status: install ok installed Priority: optional Section: non-US/main Installed-Size: 503 Maintainer: Philip Hands <[EMAIL PROTECTED]> Source: openssh Version: 1:1.2.3-9.2 ... And "zcat /usr/share/doc/ssh/changelog.Debian.gz | head" yields: openssh (1:1.2.3-9.2) stable; urgency=high * Non-maintainer upload by Security Team * Added backported fix for a buffer overflow (thanks to Piotr Roszatycki) * Added modified build dependencies from unstable for convenience * Added patch that fixes an rsa key exchange problem made public by CORE SDI. which is the fixed version mentioned in the security alert. Am I missing something here? I thought the security fix was installed. Stuart Quoting Richard ([EMAIL PROTECTED]): > > > On Thu, 22 Feb 2001, Micah Anderson wrote: > > > Potato has a fix at > > http://www.debian.org/security/2001/dsa-027 > > > > So how do we fix this on a woody machine? > You could build it from the source pkg's. > > put some deb-src lines in y'r /etc/apt/sources.list > apt-get (-b) source xxxx > btw. howdo these 'Build-Depends' work? > I alway find myself fetching, building, install additional pkgs by hand. > [RicV] > >
