
Re: [d-security] Re: ssh vulnerability in the wild



On 2003.09.16, Stephen Frost <sfrost@snowman.net> wrote:
> > Is 3.6.1p2-3 vulnerable?  For those of us who want security, must we
> > downgrade to 3.4p1-1.1 or build from source after patching by hand?  Or
> > will this security fix be applied to sarge as well?
> 
> There's at least a version on incoming.debian.org which has the version
> for unstable.  I don't know what to tell you about testing/sarge.  I'm
> sure it will be in before release but beyond that I've no idea when it
> will make it into testing.

Eek.  So, if we want to run secure systems, we either have to run
unstable (and all the troubles that come with) or stable?  I find that
"testing" is a good middle ground for a reasonably stable system but
with reasonably up-to-date packages, so that's why I run it.  Running
"stable" involves hand-managing way too many packages that I do need
more recent versions, and "unstable" involves way too many troubles if I
apt-get update without carefully inspecting what's being updated, which
I don't have the time for.

:-(  poop.

Guess I'll go the deb-src route and hand-patch, I guess.  Not what I
wanted to do today ... ;-)

-- Dossy

-- 
Dossy Shiobara                       mail: dossy@panoptic.com 
Panoptic Computer Network             web: http://www.panoptic.com/ 
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)


