On Tue, Sep 23, 2003 at 10:25:37PM +0200, Daniel Ahlberg wrote: > - - --------------------------------------------------------------------- > GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14 > - - --------------------------------------------------------------------- > > PACKAGE : openssh > SUMMARY : multiple vulnerabilities in new PAM code > DATE : 2003-09-23 20:25 UTC > EXPLOIT : remote > VERSIONS AFFECTED : <openssh-3.7.1_p2 This is not right. The correct should be: VERSIONS AFFECTED: < openssh-3.7.1p2 >= openssh-3.7p1 (aka only 3.7p1 and 3.7.1p1) Versions before 3.7p1 are safe from this vulnerability (many vendors fixed the previous vulnerabilities using patches and therefore are safe). -- Ademar de Souza Reis Jr. <ademar@xxxxxxxxxxxxxxxx> ^[:wq!
Attachment:
pgp0aEU854CCa.pgp
Description: PGP signature