Subject: Re: updating openssh on releases [was: Re: CVS commit: doc]
To: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
From: None <itojun@iijlab.net>
List: tech-userlevel
Date: 02/14/2001 20:47:58
>In short: our ssh and ssh6 packages wer vulnerable; I've fixed them, and
>I've sent security officer my summary of my findings.
as far as I understand, ssh/ssh6 (based on ssh.com 1.2.27) has other
issues listed in http://www.openssh.com/security.html (only corrected
in 1.2.31 which comes with different license), so I don't
really recommend installing ssh/ssh6 even after Ignatios's fix.
itojun