On Tuesday, 17 December 2002, at 08:42:03 +0800, Patrick Hsieh wrote: > Woody is shipping OpenSSH_3.4p1. Before the security team confirm this > vulnerability and release the upgrade package, is there any way to patch and > repackage the woody openssh? I just can't find the patch against this > vulnerability. > When updated packages are not available as soon as I consider necessary, I use to download the first SRPM (or whatever) package appears from one vendor including the patch, locating it (in the .spec file it should be the last "Patch"), and applying it to the Debian deb-src for the package, and then repackaging it with "dpkg-buildpackage".
Maybe this is not the most elegant way to solve the problem, but hope it works ok, and is reasonable easy. Just done it tonight with fetchmail and the recently discovered root remote exploit, awaiting for a version 6.2.0 packaged for unstable :-) Regards. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Woody (Linux 2.4.20-xfs)
