Manfred Schuler wrote: > > this is another topic. > > Your link reports vulnerabilities in openssl. > > This information is about a trojan in the openssh source tarball. > The trojan opens a backdoor when compiling ssh. > > It is no security issue for leaf, only a hint for those people compiling ssh. > > Mike Noyes schrieb: > > > > Manfred, > > Michael addressed this issue is already. > > > > Re: [leaf-user] FORW: CERT Advisory CA-2002-23 Multiple Vulnerabilities > > In OpenSSL > > http://www.mail-archive.com/leaf-user%40lists.sourceforge.net/msg08584.html
Please, re-read the last three (3) lines posted therein: >> I want to ask, if we can shure the version in your leaf-cvs isn't affected? > > # md5sum ./openssh-3.4p1.tar.gz > 459c1d0262e939d6432f193c7a4ba8a8 ./openssh-3.4p1.tar.gz Obviously, the homework is left to the aspiring user to verify that that md5sum indicates that the source from which my packages are compiled is *NOT* affected by the trojan ;> hth -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel