On Fri, 8 Mar 2002, Michael Stone wrote: > Since Debian 2.2 (potato) shipped with OpenSSH (the "ssh" package) > version 1.2.3, it is not vulnerable to this exploit. No fix is required > for Debian 2.2 (potato).
According to the alert above, potato's version of OpenSSH is previous to the ones concerned. On my plain potato box, I get: $ ssh -V SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0. Compiled with SSL (0x0090600f). I don't see version 1.2.3, but a 2x version. Can anyone explain why I shouldn't be concerned? John
