Segfault on invalid SSH keys.

Steve Kemp steve at steve.org.uk
Fri Oct 16 05:54:42 AEDT 2015


> >   Debian's wheezy release, which identifies as:
> >       OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
> > 
> >   Debian's jessie release, which identifies as:
> >       OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015
> 
> ok, I can reproduce it in 6.6, but it's fixed in 6.8.

  Thanks for checking.  I guess a CVE would make tracking useful
 for the future, but it is low risk DoS for most people, so I'll
 not push it :)

Steve
-- 
http://www.steve.org.uk/


More information about the openssh-unix-dev mailing list