severity 270770 important
thanks

On Thu, Sep 09, 2004 at 09:28:03AM -0700, Matt Zimmerman wrote:
> The reason that you see this pattern is that:
>
> - The flaw is truly in the rcp protocol, and I don't think it can be fixed
>   properly without incompatibly changing it
>
> - The effects were not judged serious enough to implement the various
>   attempts at workarounds
>
> - The OpenBSD CVS commit you reference is a partial workaround, not a fix
>
> As far as I know, no vendors shipping OpenSSH have found this issue
> appropriate for a security update.

If the security team doesn't feel this is serious enough to issue a security
advisory, I don't see a reason to argue, so downgrading for now.

Cheers,

-- 
Colin Watson [EMAIL PROTECTED]

