De Raadt + FBSD + OpenSSH + hole?
Mailing lists
eng.todor.todorov at gmail.com
Sun Apr 13 22:27:30 UTC 2014
Hi everyone,
I came across this :
https://groups.google.com/forum/#!topic/mailing.openbsd.tech/xALfxxR3oKo
" You are welcome. Stuart Henderson wrote the draft, but he forgot that
part, and Damien Miller and I realized it was needed. We sensed there
might be some ambiguity... we'll take care the next time an
OpenOffice problem also.
... as long as you aren't using FreeBSD or a derivative (hint: Jupiper),
you are fine. That's the only place I know of an OpenSSH hole.
Oh now I sense some angst. Please ask Kirk McKusick, he knows the
story about why this is not being disclosed to FreeBSD. Sometimes I
feel a bit sorry for them (and for him), but then the next minute I
don't feel sorry because there's damn good reasons they won't be
told about what I found.
Does that answer help? Hope so."
Any guidance here?
More information about the freebsd-security
mailing list