On Sun, Jun 1, 2008 at 10:07 PM, Yedidyah Bar-David <[EMAIL PROTECTED]> wrote: > Mind you, the bug was not in openssh, but in openssl. You should (at > least) update this one too. It affected many other packagess, including > openssh, which was updated to check for bad keys etc., but the actual fix > is in a newer version of openssl.
Yes, I realised that, thanks for your remark. But what I wonder is how someone like me who regularly update all "packages to be updated" and all security updates in aptitude (and have cron-apt download updated versions nightly) still got a broken ssh-keygen and needed manually intervene to get it fixed. It's just weird. I never noticed a problem like this in over ten years of using Debian (and that's my favourite argument in favour of this distro), and as far as I can tell this one didn't come from backports. --Amos ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]