On Fri, 9 Aug 2002, David Douthitt wrote:
> There was recently a break-in at the main site for the OpenSSH 3.4p1
> sources, and a back-door was inserted. The modified sources were
> caught quickly, but some may have been downloaded.
>
> The originals were not back-doored, and should be okay.
>
> The interesting thing is that this was not caught by some sophisticated
> digital signature, but by a FreeBSD porter who saw a bad md5sum and
> sat up and took notice...
>
> Time for a security update, Jacques? You know: "This distribution is
> not vulnerable."
That would probably be a good idea, but...
a) He is on vacation for another couple of weeks.
b) As previously reported here, the trojan seems to only affect machines
compiling the source, so the resulting LRP should be clean.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
