i sent a message to bugtraq a couple minutes ago asking the people on the list if any other versions were tested. hoping that it gets approved, usually takes a few hours or a day to make it through.
but the way I read the advisory debian potato's SSH should not be vulnerable to this bug. which would be great news to me. the advisory only mentions openssh 3.0 and up being possibly affected. no mention of any other versions being vulnerable or not vulnerable, and no mention of any other versions that were tested. so i'm keepin my hopes up and my firewalls tight in the meantime ! advisory: http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0 if anyone has more information on whether or not the older openSSH's are vulnerable please pass it along to me!! thanks nate -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]