From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mike Gerwitz <mtg@gnu.org>
Subject: Re: openssh vulnerability
Date: Wed, 17 Oct 2018 00:47:26 -0400
Message-ID: <87bm7ti3hd.fsf@gnu.org>
References: <87efcp74ip.fsf@dustycloud.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53419)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <mtg@gnu.org>)
	id 1gCdkH-0000nE-8m
	for guix-devel@gnu.org; Wed, 17 Oct 2018 00:47:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mtg@gnu.org>) id 1gCdkG-0002oK-Go
	for guix-devel@gnu.org; Wed, 17 Oct 2018 00:47:45 -0400
In-Reply-To: <87efcp74ip.fsf@dustycloud.org> (Christopher Lemmer Webber's
	message of "Tue, 16 Oct 2018 21:20:30 -0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Christopher Lemmer Webber <cwebber@dustycloud.org>
Cc: Guix-devel <guix-devel@gnu.org>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, Oct 16, 2018 at 21:20:30 -0400, Christopher Lemmer Webber wrote:
> https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bug=
fix-release/
>
> seems serious?

Very... Fortunately that's libssh and not OpenSSH[0], but with that said,
it does appear to be packaged in Guix and there are a couple packages
that use it.


[0]: You had me very worried from your subject line!

=2D-=20
Mike Gerwitz

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJbxr7eAAoJEIyRe39dxRuiBKAQAKtTyU2h1HnRUmFRsa3xOBqF
LkPuiJcD+uA1aofthKS2u5sD9tOiu0t38h2bQ3VAP8PQHXsOlXPR1jW3NO8WdQ/v
Do0WHyjAUxivZ2s+rfKVFqU3/6MfT0dbVT7rFvagPPhFL1+0mcxAayuoawmHUtQr
04b+GITpzRXe7WrPubIXuU4cz7VOAQWSmUEgQhVaPu06X5lGdIsupC8GN5wO7+4r
UV7LeODbi8jkwdK+kn8cUX274aTq08cmwSm7Nf8ySh2Z7DH9FMKfr/YbEVIotd2X
Vfq5qVoj1L0dps+t7MtbSlUd/QteCP4EKtN/xD8Nw8HlvRvdxlKszHVbwc2E7WIm
z5p3EYK9sFUJ5qpy7l8kCekE/fY6drxgDgwIDqlwL1vFA+VPRpkrNJgtfhDBvefD
qKLkvh/XEwV/wPwPC26qhkYlWmTYM8iudhzsk1VIqCss8SxNssZCmInqhD0oZBHH
AmSfmqFerDfKHf4/ijGxpED6nvpqeyqd24D7eddr/RQ243sXivhFGb3RY7pLLLoL
neJzqYPzUFIOkR6EDaC7Pe2QBTuyoukwRLVJDcHmFn3mC0pstDo79fqFUbvWUW+q
FaaRHY5RSp9I5h4YOA8CUR7oU9N951oTdttMsOOuFYIum51CpQmWYHMBVeyHa1za
hTP3IImkxpbmr2d67YTY
=O7rp
-----END PGP SIGNATURE-----
--=-=-=--