Commits for CVE-2021-41617

Darren Tucker dtucker at
Thu Sep 30 16:56:41 AEST 2021

On Thu, 30 Sept 2021 at 16:37, Jan Damborsky <dambi at> wrote:

> I am now in process of preparing patch for OpenSSH 8.4p1
> to address CVE-2021-41617 (fixed in OpenSSH 8.8p1),
> but it is not quite clear to me which particular
> commits are relevant.
> So far I have identified following ones:
> Could you please let me know that those are
> the right ones or if there are more commits
> to be included?

That's them.  You can cross-check against the equivalent patch for OpenBSD

Darren Tucker (dtucker at
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list