On Tue, Nov 16, 1999 at 11:30:16AM +0100, Oystein Viggen wrote: > Blue Boar wrote: > > > <SNIP> > > Debian is immune for the (somewhat messy) reasons that they do not link > > ssh to rsaref, last time that I checked. > > <SNIP> > > Does the fact that the international version of ssh from replay.com uses > "internal rsaref" instead of the "external rsaref" in the US version make > it immune to this attack too? > > The version is at least not as far as I can see externally linked to any > rsaref library: As far as I can tell from the spec file, the -5i version is never configured with --with-rsaref, and the guilty code in rsaglue.c is never reached. Dan /--------------------------------\ /--------------------------------\ | Daniel Jacobowitz |__| SCS Class of 2002 | | Debian GNU/Linux Developer __ Carnegie Mellon University | | danat_private | | dmj+@andrew.cmu.edu | \--------------------------------/ \--------------------------------/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:03 PDT