On Wed, Jul 08, 2009 at 09:03:15AM +0200, Thijs Kinkhorst wrote: > You may have heard of the rumours that there's a new OpenSSH exploit but > it's unclear what this exploit actually is or whether it even exists: > http://isc.sans.org/diary.html?storyid=6742
Quite so. > However, one consistent claim is that the "current version" of OpenSSH > isn't affected. It would make sense to me to get at least unstable/sid > updated with the most recent upstream version, as it wouldn't hurt. Do you > as openssh maintainers think you can do this in the short term? This is at > least some potentially mitigating action we can already take. The delay's mostly been revision control pain at my end (the package is still in CVS and I haven't quite finished migrating it to bzr, which migration would make things a lot easier for me). I'll look into doing it before Debconf. -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org