On Wed Sep 24, 2003 at 02:12:33PM -0700, James Sparenberg wrote:

> > > Just so that I can verify, the recent rpms you put out for 9.1 and
> > > 9.0 on openssh. Did those have the first or second round of patches?
> > > Seems that on the openssh export (meaning non openBSD) they made an
> > > error with the PAM config that is as bad as the hole the patch fixed. I
> > > don't mean to push. Just need to be able to answer questions and I'm
> > > not sure of the right answer.
> >
> > We have the two sets of patches the openssh team provided. The pam problems
> > they introduced in 3.7 are not in our packages; the patches didn't touch pam
> > stuff in this way. *Only* 3.7 and 3.7.1 are vulnerable to the pam problem
> > that was announced yesterday (the day before? can't remember).
> >
> > Long and short of it is, our packages are fine.
> >
> > Chalk one up, again, to not putting out 3.7 when people were adamant it
> > needed to be done.
>
> I hope you understand I'm not questioning your methods (they've done me
> well so far.) I'm simply working on the answer to the PAM problem. It
> seemed to me that as you said it didn't affect MDK. But, I was asked to
> ask. So I did, and got an answer with better words than I could create.
> Thanks.

You're welcome, and I knew you weren't questioning. It was more for the
benefit of others who had insisted 3.7 be put into updates and to whom I had
to explain countless times why I wouldn't. Hopefully they understand now.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
