hi. first I want to say that the security team does a great job.
second i am kind of worried. I ran apt-get update/upgrade on a stable system just now and found it upgraded to openssh 3.3, i'm aware of the vuln that is comming out. but i was curious if the security team(or others) would re-examine the vulnerability once more details are released and if possible release an update to the potato version of openssh. i rather like the fact that most/all of the security patches are backported, this is quite a radical departure. I can only assume that openssh 1.2.x was/is vulnerable even though i have not noticed any versions other then 3.x being mentioned on bugtraq. since most of my systems are RSA-only authentication this will cause some minor issues, but i am more interested if the security team will look into backporting a fix for this to the older openssh. the security advisory on security.debian.org does not mention whether this is an interim patch or if another update may be provided(other then saying this patch may be buggy) it's not a critical issue, but i was just shocked to see openssh 3.3 on potato:) keep up the good work!! sorry if this is being discussed to death, i am on debian-user and not any other debian-specific lists if there is a thread that talks about this i would gladly read it. thanks! nate (admin of about 50 debian potato servers/workstations) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
