On Tue, 16 Sep 2003, Florin Iucha wrote:

> > Debian stable already has an update available.
> 
> Where is it? I apt-get updated, and unstable latest is 3.6.1p2-6.
> 
> The same is reported by
>    http://packages.debian.org/cgi-bin/search_packages.pl?keywords=ssh&searchon=names&subword=1&version=all&release=all
>

Stable has v3.4 patched.
http://cert.uni-stuttgart.de/archive/debian/security/2003/09/msg00082.html

Unstable should be getting a new version soon. From the debian-list:

On Tue, Sep 16, 2003 at 03:51:03PM +0200, Christian Hammers wrote:
> Package: ssh
> Version: 1:3.6.1p2-6
> Severity: critical
> Tags: security
> 
> Hi
> 
> Just in case that this is no fake. I got no official OpenSSH
> announcement
> yet but the 3.7 release it's at least on the master ftp server.
> So be prepared... :-)

There's already been an NMU fixing this, and I'll be releasing
3.6.2p1-7 this evening. 3.7 includes a complete replacement PAM
implementation and isn't appropriate for a hurried release into
Debian.


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list