On Thu, 15 Oct 2015, Steve Kemp wrote: > > ok, I can reproduce it in 6.6, but it's fixed in 6.8. > > Thanks for checking. I guess a CVE would make tracking useful for > the future, but it is low risk DoS for most people, so I'll not push > it :) There's no vulnerability here - it's an unexploitable NULL dereference. I can't see how it would be a denial of service either, because attempting to parse they key was always going to yield a fatal() exit anyway. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev