From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Re: openssh vulnerability
Date: Wed, 17 Oct 2018 01:42:52 -0400
Message-ID: <20181017054252.GA21802@jasmine.lan>
References: <87efcp74ip.fsf@dustycloud.org>
 <87bm7ti3hd.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="Kj7319i9nmIyA2yE"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34508)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1gCebv-0000pM-Bd
	for guix-devel@gnu.org; Wed, 17 Oct 2018 01:43:12 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1gCebs-0004z1-7V
	for guix-devel@gnu.org; Wed, 17 Oct 2018 01:43:11 -0400
Content-Disposition: inline
In-Reply-To: <87bm7ti3hd.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Mike Gerwitz <mtg@gnu.org>
Cc: Guix-devel <guix-devel@gnu.org>


--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 17, 2018 at 12:47:26AM -0400, Mike Gerwitz wrote:
> On Tue, Oct 16, 2018 at 21:20:30 -0400, Christopher Lemmer Webber wrote:
> > https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-b=
ugfix-release/
> >
> > seems serious?
>=20
> Very... Fortunately that's libssh and not OpenSSH[0], but with that said,
> it does appear to be packaged in Guix and there are a couple packages
> that use it.

Patch at <https://bugs.gnu.org/33067>

--Kj7319i9nmIyA2yE
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvGy9kACgkQJkb6MLrK
fwjHFA/6A5FpFiLVJXs3M8Ch4bOD77yphHUwu2LL1+CXDYW9DmjDdkSPJSwES9Du
TgPdw2pBDV5ZgIhSNpmM7Y9C+qNbiZm9zA5GFHckQ3lpSvcxFh9KBB40FiqcweR8
HvgBxUtsGqAFEUmuDI1OYW+L7JMKq9CaIw8qTE4AaUlQ9RMR3S433abHE73Fd+Z1
Xdz1jfX9W+yQhrIA3dj7c0gvwuVkYLSCohKrQxkcfyIq63SetshjYtZMp7ut4XZ2
S1/LFFRiHJGCC9lzijCIJh6F5ANq5Au5gPMx5ojAL8iEx80G+m9z0jrpIkpF91HA
i0QH1DhcZTGQpJAevwZLUHUDrxgjJWNHkoKH1lcKMPGJhPpjqhn3Oak7umKg2rpG
RKtgVUe4Fllpv8gHATIqIOFlRAqg1+Xfo825nErla+j23L8O7W/5xJojp8EPXn2F
uCKH+yy8YXn/2z2G8oEX/NfMXdQefc2X49H1/gkWo0OXTrQYBlAUpVlUXgSavurz
EPlwhj5ud4uiTuvCqh8PL2DHrAHVJRRxdCgFxXdmbEMlIb7QfkPg6Ct+DLbcfWY3
1rSpuW2XKuqVG8JIjsznzKRWSTcqbtUQTHdIXxLMYBWX6sybuOyp9Xs3L0dvQjpb
xyEsyu6kxRE2XGnVvGzgk9nPxTrONUekF32G5lzDQjWkz1qqUqQ=
=I7F2
-----END PGP SIGNATURE-----

--Kj7319i9nmIyA2yE--