[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: openssh 3.1 & www.openbsd.org
I guess it is negotiable question this is local or remote vulnerability :-)
----- Original Message -----
From: "Alex de Joode" <email@example.com>
Sent: Friday, March 08, 2002 4:53 PM
Subject: openssh 3.1 & www.openbsd.org
> 1) why didn't the anouncement of OpenSSH 3.1 contain at least
> an advisory to upgrade as there was a hole in the previous
> versions. people reading the anouncement would not think
> "hey I *need* to upgrade".
> 2) given the openssh hole, it might be needed to change the
> OpenBSD website:
> "Four days without a remote hole in the default install!"
> or do the OpenBSD developers deem the hole not remote enough ?
> Exit! Stage Left!