Me again. Wed, Nov 19, 2008 at 04:20:58PM +0300, Eygene Ryabinkin wrote: > Just came across the following list in the oss-security list: > http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
For you interest, CVE was created and it has some interesting links inside (SANS one explains some general trends): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161 It seems that some vendors are moving to the CTR encryption mode as the default one. Does anyone has something to say about this? As I understand, the advisory from CPNI is public, so there is no point to refraining from discuissing this in the open lists. OpenSSH people, I understand that this is not just "two day business", but can you at least drop a mail that you're investigating this? Thanks a lot. -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ #
pgpsLVLUJDwB3.pgp
Description: PGP signature
