CVE-2014-1692

no_spam_98 at yahoo.com no_spam_98 at yahoo.com
Fri Jan 31 05:20:44 EST 2014


http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692

The NIST advisory says that all versions of OpenSSH potentially contain the flaw.  But is that really true?  For example, I looked at the 3.8.1p1 distribution and didn't find any reference to JPAKE at all.

Thanks.



More information about the openssh-unix-dev mailing list