On Wed Sep 24, 2003 at 02:03:48AM -0700, James Sparenberg wrote:

>    Just so that I can verify, the recent rpms you put out for 9.1 and
> 9.0 on openssh, did those have the first or second round of patches?
> Seems that on the openssh export (meaning non-OpenBSD) they made an
> error with the PAM config that is as bad as the hole the patch fixed. I
> don't mean to push.  Just need to be able to answer questions and I'm
> not sure of the right answer.  

We have the two sets of patches the openssh team provided.  The pam problems
they introduced in 3.7 are not in our packages; the patches didn't touch pam
stuff in this way.  *Only* 3.7 and 3.7.1 are vulnerable to the pam problem
that was announced yesterday (the day before? can't remember).

Long and short of it is, our packages are fine.

Chalk one up, again, to not putting out 3.7 when people were adamant it
needed to be done.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}
