On Thu, Aug 01, 2002 at 04:21:21AM -0400, Len Rose wrote:
Not implying that SuSE has this problem (it doesn't) but you may wish to read this:
http://lists.netsys.com/pipermail/full-disclosure/2002-August/000734.html
Two things to note here. 1. The openssh RPMs released by SuSE do not seem to have this problem; any trojaning of the tarball must have happened afterwards, if at all. 2. The problem will affect only people recompiling openssh from source, not users installing binary RPMs. Disclaimer: I haven't checked the ftp archive at openbsd.org; all I've read so far is the web page mentioned above. By all I know this might also be a hoax. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann