see http://www.openssh.com/txt/cbc.adv
On Fri, 21 Nov 2008, Eygene Ryabinkin wrote: > Me again. > > Wed, Nov 19, 2008 at 04:20:58PM +0300, Eygene Ryabinkin wrote: > > Just came across the following list in the oss-security list: > > http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt > > For you interest, CVE was created and it has some interesting > links inside (SANS one explains some general trends): > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161 > > It seems that some vendors are moving to the CTR encryption mode as the > default one. Does anyone has something to say about this? As I > understand, the advisory from CPNI is public, so there is no point to > refraining from discuissing this in the open lists. OpenSSH people, I > understand that this is not just "two day business", but can you at > least drop a mail that you're investigating this? > > Thanks a lot. > -- > Eygene > _ ___ _.--. # > \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard > / ' ` , __.--' # to read the on-line manual > )/' _/ \ `-_, / # while single-stepping the kernel. > `-'" `"\_ ,_.-;_.-\_ ', fsc/as # > _.-'_./ {_.' ; / # -- FreeBSD Developers handbook > {_.-``-' {_/ # > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
