On Mon, Jun 24, 2002 at 06:14:18PM -0700, justin cunningham wrote: > Hi list, can you please clarify something for me-- this should be pretty > straight forward so sorry if the question seems a bit lame. Can you > please reply to the email in addition to the list since I'm not > currently subscribed. > > I read this release http://www.debian.org/security/2002/dsa-134 and it > says to upgrade to ssh 3.3p1 for woody and that the package for potato > hasn't yet been compiled. > > On my stable boxes I ran apt-get update and it pulled down some patches > from security though the only recent post for security updates is this > one so was my open ssh from the potato branch updated proficiently or do > I need to install this new version? If I need to install ssh 3.3 and > want the rest of my box to stay in stable until woody is complete how do > I do this? > > Thanks, Justin >
According to my traversing through the security updates section via FTP, the ssh version there for potato i386 is 1.2.3-9.4 So no, you haven't fixed the vulnerability via any apt-get upgrades ... You really have two options: download the ssh source and compile it yourself, or wait until the potato update gets done. I presume potato is still being security patched, at least until a bit after Woody is released. - Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
