OpenSSH 6.6 (env vars)

Damien Miller djm at
Thu Mar 20 14:25:27 EST 2014

On Wed, 19 Mar 2014, mancha wrote:

> Hello.
> For the purposes of backporting, can you please confirm the relevant 
> change for the environment variable security fix in 6.6 is:

Only the first chunk of the diff is strictly needed, the rest is hygiene.

> FYI, not sure if the request originated with OpenBSD/OpenSSH but this
> has been assigned CVE-2014-2532.

Sigh, another inaccurate OpenSSH CVE. "Authentication: Not required to


More information about the openssh-unix-dev mailing list