> > Debian's wheezy release, which identifies as: > > OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013 > > > > Debian's jessie release, which identifies as: > > OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015 > > ok, I can reproduce it in 6.6, but it's fixed in 6.8. Thanks for checking. I guess a CVE would make tracking useful for the future, but it is low risk DoS for most people, so I'll not push it :) Steve -- http://www.steve.org.uk/ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev