* Dossy (dossy@panoptic.com) wrote: > On 2003.09.16, Christian Hammers <ch@debian.org> wrote: > > The new version has already been installed. This was quick. Good work, > > security team. > > > > openssh (1:3.4p1-1.1) stable-security; urgency=high > > > > * NMU by the security team. > > * Merge patch from OpenBSD to fix a security problem in buffer handling > > > > -- Wichert Akkerman <wakkerma@debian.org> Tue, 16 Sep 2003 13:06:31 +0200 > > Is 3.6.1p2-3 vulnerable? For those of us who want security, must we > downgrade to 3.4p1-1.1 or build from source after patching by hand? Or > will this security fix be applied to sarge as well? There's at least a version on incoming.debian.org which has the version for unstable. I don't know what to tell you about testing/sarge. I'm sure it will be in before release but beyond that I've no idea when it will make it into testing. Stephen
Attachment:
pgp7xaQWBd5Xv.pgp
Description: PGP signature