[Uaflug] Debian SSH Advisory...
Joshua J. Kugler
joshua at eeinternet.com
Tue May 13 17:41:03 AKDT 2008
On Tuesday 13 May 2008, Orion Sky Lawlor said something like:
> No other distributions are at risk--it's a Debian-caused
> problem: "This is caused by an incorrect Debian-specific change to
> the openssl package (CVE-2008-0166)."
Incorrect patch, yes, but it seems that it was approved by someone at
openssl. See http://marc.info/?l=openssl-dev&m=114652287210110&w=2
The thread doesn't provide much context, but removing that lines in
question was either approved, or approved for testing only, and that
context didn't make it across the wire.
j
--
Joshua Kugler
Part-Time System Admin/Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
More information about the uaflug
mailing list