Max Horn wrote: > At 12:23 Uhr -0400 26.06.2002, Chris Devers wrote: > >> [This is really aimed at fink-devel, but I've cc'ed -users too as >> I'm not sure if I'm properly subscribed to -devel at the moment...] > > Ugh, not good, in that case only send to fink-users, but please don't > cross post unless it is absolutly necessary, and then, send the messages > seperatly to each list.
Got it. I've removed -devel from this message, as I don't have time to get on both lists at the moment (damn job). >> Fink is currently providing a package for 3.2.2, which is one of >> the vulnerable versions. Will an upgrade be coming out, Max? > > > Yes. However, please folks, don't spread panic. > ChallengeResponseAuthentication is off by default, and only when it is > on does any danger exist. Skimming over some of the security sites, it seems like there are two different problems going on -- hence a recent upgrade to 3.3, and now another to 3.4 today. Does this setting inoculate Fink/SSH users against both vulnerabilities? And also, for anyone not using Fink's SSH, if there a problem with the SSH provided by Apple? I'm assuming that Apple needs to put out upgrades to SSH and, for that matter Apache, and this really isn't a Fink issue -- I only bring it up for context... Thanks Max. Your hard work is appreciated by thousands :) -- Chris Devers [EMAIL PROTECTED] DO NOT LEAVE IT IS NOT REAL ------------------------------------------------------- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn _______________________________________________ Fink-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-users
