Re: rssh update
Brought to you by:
xystrus
From: richard l. <mai...@lu...> - 2006-07-19 12:13:18
|
On Tue, 18 Jul 2006 19:12:24 -0700 Russ Allbery <rr...@st...> wrote: > > On Bugtraq I saw this Debian update for rssh, but on the homepage I > > can't find anything. It says that "Russ Albery" found a bug in rssh, > > but according to the rssh homepage the last bugfix was from january > > 6 2006 and was discovered by Max Vozeler. Is the pizzashack.org > > website up2date? > > Yeah, I'm sorry about the attribution; if I'd known it was going to go > out like that, I would have had it corrected. I discovered the > problem independently and reported it to Debian first because I'd > thought it was a Debian-specific problem, and then only afterwards > (because I was looking at the wrong rssh home page and didn't realize > there was a new version) realized that it was already fixed in the > official version. Ok, thnx both of you. So if I understand it correctly the Debian version has been vulnerable for 7 months. I switched from the Sarge version to the vanilla version when I read about the vulnerability last January and I was already wondering why there wasn't a Debian security update. Next time I'll notify the Debian maintainer. R. -- ___________________________________________________________________ It is better to remain silent and be thought a fool, than to speak aloud and remove all doubt. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | | http://www.lucassen.org/mail-pubkey.html | +------------------------------------------------------------------+ |