Hello. For the purposes of backporting, can you please confirm the relevant change for the environment variable security fix in 6.6 is: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271 FYI, not sure if the request originated with OpenBSD/OpenSSH but this has been assigned CVE-2014-2532. Thanks. --mancha