Re: Commits for CVE-2021-41617

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 30. 09. 21 8:56, Darren Tucker wrote:

On Thu, 30 Sept 2021 at 16:37, Jan Damborsky <dambi@xxxxxx> wrote:


I am now in process of preparing patch for OpenSSH 8.4p1
to address CVE-2021-41617 (fixed in OpenSSH 8.8p1),
but it is not quite clear to me which particular
commits are relevant.

So far I have identified following ones:


https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455

https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde

Could you please let me know that those are
the right ones or if there are more commits
to be included?


That's them.  You can cross-check against the equivalent patch for OpenBSD
-stable:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/016_sshd.patch.sig


Thank you for confirmation, Darren.

Jan

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux