On Wed, 2003-09-24 at 09:13, Vincent Danen wrote: > On Wed Sep 24, 2003 at 02:03:48AM -0700, James Sparenberg wrote: > > > Just so that I can verify, The recent rpms you put out for 9.1 and > > 9.0 on openssh. Did those have the first or second round of patches. > > Seems that on the openssh export (meaning non openBSD) they made an > > error with the PAM config that is as bad as the hole the patch fixed. I > > don't mean to push. Just need to be able to answer questions and I'm > > not sure of the right answer. > > We have the two sets of patches the openssh team provided. The pam problems > they introduced in 3.7 are not in our packages; the patches didn't touch pam > stuff in this way. *Only* 3.7 and 3.7.1 are vulnerable to the pam problem > that was announced yesterday (the day before? can't remember). > > Long and short of it is, our packages are fine. > > Chalk one up, again, to not putting out 3.7 when people were adamant it > needed to be done.
I hope you understand I'm not questioning your methods (they've done me well so far.) I'm simply working on the answer to the PAM problem. It seemed to me that as you said it didn't affect MDK. But, I was asked to ask. So I did, and got an answer with better words than I could create. Thanks. James
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
