On Wed, 19 Mar 2014, mancha wrote: > Hello. > > For the purposes of backporting, can you please confirm the relevant > change for the environment variable security fix in 6.6 is: > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271 Only the first chunk of the diff is strictly needed, the rest is hygiene. > FYI, not sure if the request originated with OpenBSD/OpenSSH but this > has been assigned CVE-2014-2532. Sigh, another inaccurate OpenSSH CVE. "Authentication: Not required to exploit", -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
