Situation remains cloudy.

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, so to sum up the two emails below:

1. Fedora's package signing box was compromised by unknown parties. 
Fedora does not think the key's passphrase was compromised however. They 
are changing their keys.

2. RedHat's package signing key was used to sign trojaned OpenSSH 
packages. RedHat does not think these were distributed via the Red Hat 
Network auto-update service.

http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
http://rhn.redhat.com/errata/RHSA-2008-0855.html

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrsehtehAhL0gheoRAkuqAJ4mvzv4G4ecq0lhqkBVrZLzvO5mAACfVwIc
Q4GJxw1kSvTKUMXlYsNfOWo=
=X5qc
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave