OpenSSH packages not vulnerable – Debian Planet

    OpenSSH packages not vulnerable
    Submitted by robster on Thursday, August 01, 2002 – 16:22
    Security

    The OpenSSH 3.4p1 packages on the OpenBSD FTP server were trojaned earlier today, as discovered by a FreeBSD user, Edwin Groothuis. The trojan only works at build time, and binaries produced from the source are not vulnerable, as detailed on his weblog (copied to /. because of bandwidth limitations).

    The Debian packages were created some time ago from the original, untrojaned tarballs and are thus not affected in this way (nor is the package maintainer’s machine). The source tarball and the binary packages in the Debian archive are not affected, as confirmed by the ssh package maintainer and several other Debian developers.

    Category: News

    Subject: However, source is source so
    Author: jeremy
    Date: Friday, 2002/08/16 – 10:46
    However, source is source so any trojan should hopefully be a lot easier to discover. If the same thing happened with binaries, it might take a lot longer to find out and by that time it could be too late. Perhaps we should also encourage upstream maintainers to sign their source with GPG 🙂