[Bug 3950] principals= keyopt auth bypass via comma-split in match_principals_option (≤10.2p1, silently fixed fd1c7e1, no CVE)

bugzilla-daemon at mindrot.org
Mon Apr 20 19:10:27 AEST 2026


https://bugzilla.mindrot.org/show_bug.cgi?id=3950

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
It wasn't "silently fixed" - it was explained at length in the Security
section of the 10.3 release notes and the oss-security@ list informed
as part of the release.

The OpenSSH project doesn't request CVEs; usually downstream Linux
distributors do this as part of their vulnerability management process.
We don't generally do security advisories for low-impact bugs.

This is a low-impact bug, because 1) very few CAs hand out certificates
with attacker-controlled principals. Controlling what goes into a
certificate, and particularly what goes into a principals section, is
literally the CA's most important job. 2) it affects a relatively
obscure configuration; the majority of certificate use is via
TrustedUserCAKeys, which isn't affected.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
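
To check whether a host uses the configuration this bug concerns, the script below lists authorized_keys entries that combine `cert-authority` with the `principals=` key option named in the bug title. It is an added example, not part of the original message and not OpenSSH code. It assumes the affected configuration is a `cert-authority` line carrying `principals=`, as that option is documented in sshd(8); the function names, key-type prefix list and sample file are constructed for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-ssh-|sk-ecdsa-)")  # no options field

def options_field(line):
    """Return the leading options field, or an empty string if there is none."""
    quoted, first = False, line
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        elif ch in " \t" and not quoted:
            first = line[:i]
            break
    return "" if KEY_TYPE.match(first) else first

def split_options(field):
    """Split on commas outside double quotes; drop quotes, unescape backslash-quote."""
    opts, cur, quoted, i = [], "", False, 0
    while i < len(field):
        if quoted and field[i:i + 2] == '\\"':
            cur, i = cur + '"', i + 1
        elif field[i] == '"':
            quoted = not quoted
        elif field[i] == "," and not quoted:
            opts.append(cur)
            cur = ""
        else:
            cur += field[i]
        i += 1
    return opts + [cur] if cur else opts

def audit(text):
    """Return (line number, principals) for each cert-authority + principals= entry."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        pairs = (o.partition("=") for o in split_options(options_field(raw.strip())))
        opts = {name.lower(): value for name, _, value in pairs}
        if "cert-authority" in opts and "principals" in opts:
            findings.append((n, opts["principals"].split(",")))
    return findings

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = r'''# constructed authorized_keys sample
ssh-ed25519 AAAA_PLACEHOLDER alice@laptop
cert-authority,principals="deploy,backup" ssh-ed25519 AAAA_PLACEHOLDER ops-ca
command="echo \"a, b\"",no-pty ssh-rsa AAAA_PLACEHOLDER bob
'''
print(audit(SAMPLE))
```

Entries it reports are the ones to review against the sshd version in use; hosts that trust CAs only through TrustedUserCAKeys will produce no findings from their authorized_keys files.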

