Hi, I've only seen one (rather obscure) message to debian lists about this one, but there are 2 new exploits out for sshd
this one is not much to loose sleep about as it's rather tricky and OpenSSH claims that it's not exploitable though they have patched their source tree as of Jan 29, 2001: http://www.securityfocus.com/templates/archive.pike?mid=161150&fromthread=0&end2001-02-10&threads=0&list=1&start=2001-02-04&; This one is more worry some as it's a relatively simple buffer overflow and the debian stable version of OpenSSH *is* vulnerable (unstable which uses OpenSSH 2.3.0p1 seems OK, but don't take my word for it): http://razor.bindview.com/publish/advisories/adv_ssh1crc.html -Jon
