On Thu, 30 Sept 2021 at 16:37, Jan Damborsky <dambi@xxxxxx> wrote: > I am now in process of preparing patch for OpenSSH 8.4p1 > to address CVE-2021-41617 (fixed in OpenSSH 8.8p1), > but it is not quite clear to me which particular > commits are relevant. > > So far I have identified following ones: > > > https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455 > > https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde > > Could you please let me know that those are > the right ones or if there are more commits > to be included? > That's them. You can cross-check against the equivalent patch for OpenBSD -stable: https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/016_sshd.patch.sig -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
