| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ademar at conectiva.com.br (Ademar de Souza Reis Jr.) Subject: GLSA: openssh (200309-14) On Tue, Sep 23, 2003 at 10:25:37PM +0200, Daniel Ahlberg wrote: > - - --------------------------------------------------------------------- > GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14 > - - --------------------------------------------------------------------- > > PACKAGE : openssh > SUMMARY : multiple vulnerabilities in new PAM code > DATE : 2003-09-23 20:25 UTC > EXPLOIT : remote > VERSIONS AFFECTED : <openssh-3.7.1_p2 This is not right. The correct should be: VERSIONS AFFECTED: < openssh-3.7.1p2 >= openssh-3.7p1 (aka only 3.7p1 and 3.7.1p1) Versions before 3.7p1 are safe from this vulnerability (many vendors fixed the previous vulnerabilities using patches and therefore are safe). -- Ademar de Souza Reis Jr. <ademar@...ectiva.com.br> ^[:wq! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030923/6a66a5ba/attachment.bin
Powered by blists - more mailing lists