>Thanks for the clarification.
>
>I would also like to thank whomever for the extra descriptive text on
>the openssl patch issued the other day.  Having the clarification on
>the (non)impact on OpenSSH right in the patch was good ...

You are welcome.  Stuart Henderson wrote the draft, but he forgot that
part, and Damien Miller and I realized it was needed.  We sensed there
might be some ambiguity...  we'll take care the next time an
OpenOffice problem also.

... as long as you aren't using FreeBSD or a derivative (hint: Jupiper),
you are fine.  That's the only place I know of an OpenSSH hole.

Oh now I sense some angst.  Please ask Kirk McKusick, he knows the
story about why this is not being disclosed to FreeBSD.  Sometimes I
feel a bit sorry for them (and for him), but then the next minute I
don't feel sorry because there's damn good reasons they won't be
told about what I found.

Does that answer help?  Hope so.

Reply via email to