Recent OpenSSL vulnerability require rebuild of OpenSSH

Markus Friedl markus at
Wed Oct 1 22:53:40 EST 2003

On Wed, Oct 01, 2003 at 11:24:50AM +0200, Markus Friedl wrote:
> recent openssh versions avoid the ASN.1 code

1.25         (mouring  20-Aug-02): openssh_RSA_verify(int type, u_char *hash, u_int hashlen,

so it's versions after 20-Aug-02.

> from openssl. only reading of private
> keys uses this code, so openssh is not affected.

More information about the openssh-unix-dev mailing list