On Saturday 10 August 2002 09:45, Jeff Newmiller wrote: > On Fri, 9 Aug 2002, David Douthitt wrote: > > There was recently a break-in at the main site for the OpenSSH > > 3.4p1 sources, and a back-door was inserted. The modified sources > > were caught quickly, but some may have been downloaded. > > > > The originals were not back-doored, and should be okay. > > > > The interesting thing is that this was not caught by some > > sophisticated digital signature, but by a FreeBSD porter who saw a > > bad md5sum and sat up and took notice... > > > > Time for a security update, Jacques? You know: "This distribution > > is not vulnerable." > > That would probably be a good idea, but... > > a) He is on vacation for another couple of weeks. > > b) As previously reported here, the trojan seems to only affect > machines compiling the source, so the resulting LRP should be clean.
I believe Micheal Schleif has updated ssh packages that are not affected by this. I'd check the list archives around 1~2 weeks ago for the packages. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
