Halil Demirezen <[EMAIL PROTECTED]> writes:

> and we installed the ssh from the deb packages using
> apt-get install utility.
>
> I wonder if there is any risk on this stable version of OpenSSH
> (Debian) independent from openbsd's source tarball?

There isn't an easy way to determine whether a Debian package is
authentic or not.  I'm not even sure what "authentic" means in this
context.

The package you are referring to is probably not affected by the
OpenBSD incident, but you cannot be sure that it hasn't been
manipulated by some other means.

-- 
Florian Weimer                    [EMAIL PROTECTED]
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
