Contributed by jose on from the fixing-the-ints dept.
"Markus Friedl just bumped the OpenSSH version to 3.4, and commited a fix for the "int overflow; from ISS", the commit message should be here "The commit message from Markus is
From: Markus Friedl
Date: Wed, 26 Jun 2002 07:55:38 -0600 (MDT) Subject: CVS: cvs.openbsd.org: src CVSROOT: /cvs Module name: src Changes by: firstname.lastname@example.org 2002/06/26 07:55:37 Modified files: usr.bin/ssh : auth2-chall.c Log message: make sure # of response matches # of queries, fixes int overflow; from ISS
The ISS advisory contains additional information on the vulnerability.
(Comments are closed)