On Tue, 16 Sep 2003, Florin Iucha wrote: > > Debian stable already has an update available. > > Where is it? I apt-get updated, and unstable latest is 3.6.1p2-6. > > The same is reported by > http://packages.debian.org/cgi-bin/search_packages.pl?keywords=ssh&searchon=names&subword=1&version=all&release=all > Stable has v3.4 patched. http://cert.uni-stuttgart.de/archive/debian/security/2003/09/msg00082.html Unstable should be getting a new version soon. From the debian-list: On Tue, Sep 16, 2003 at 03:51:03PM +0200, Christian Hammers wrote: > Package: ssh > Version: 1:3.6.1p2-6 > Severity: critical > Tags: security > > Hi > > Just in case that this is no fake. I got no official OpenSSH > announcement > yet but the 3.7 release it's at least on the master ftp server. > So be prepared... :-) There's already been an NMU fixing this, and I'll be releasing 3.6.2p1-7 this evening. 3.7 includes a complete replacement PAM implementation and isn't appropriate for a hurried release into Debian. _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list