Re: rssh update
Brought to you by:
xystrus
From: Derek M. <co...@pi...> - 2006-07-19 15:39:27
|
On Wed, Jul 19, 2006 at 02:13:09PM +0200, richard lucassen wrote: > Ok, thnx both of you. So if I understand it correctly the Debian version > has been vulnerable for 7 months. No, I don't believe that's correct. Jesus and I have worked closely to make sure that Debian's packages get security fixes. If I'm not mistaken, the Debian rssh-2.2.3 package for sarge contains a fix for this, which is essentially the same as updating to 2.3.2 -- Debian just doesn't update version numbers for security fixes, as stated previously in this thread. Jesus monitors this list, so when he gets the chance, I'm sure he'll respond definitively. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D |