Segfault on invalid SSH keys.
Steve Kemp
steve at steve.org.uk
Fri Oct 16 05:54:42 AEDT 2015
> > Debian's wheezy release, which identifies as:
> > OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
> >
> > Debian's jessie release, which identifies as:
> > OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015
>
> ok, I can reproduce it in 6.6, but it's fixed in 6.8.
Thanks for checking. I guess a CVE would make tracking useful
for the future, but it is low risk DoS for most people, so I'll
not push it :)
Steve
--
http://www.steve.org.uk/
More information about the openssh-unix-dev
mailing list