It sounds as if it's limited to versions 3.7p1 and3.7.1p1, but I thought I'd ask if anyone knows for a fact that the older version in Woody does not have this code.
According to http://www.openssh.com/txt/sshpam.adv there are multiple
vulnerabilities in the "new PAM code of Portable OpenSSH".
- Re: Newest OpenSSH advisory Riku Anttila
- Re: Newest OpenSSH advisory Ramon Kagan
- Re: Newest OpenSSH advisory Matt Zimmerman
