Commits for CVE-2021-41617

Jan Damborsky dambi at tio.cz
Thu Sep 30 17:08:58 AEST 2021


On 30. 09. 21 8:56, Darren Tucker wrote:
> On Thu, 30 Sept 2021 at 16:37, Jan Damborsky <dambi at tio.cz> wrote:
>
>> I am now in process of preparing patch for OpenSSH 8.4p1
>> to address CVE-2021-41617 (fixed in OpenSSH 8.8p1),
>> but it is not quite clear to me which particular
>> commits are relevant.
>>
>> So far I have identified following ones:
>>
>>
>> https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
>>
>> https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
>>
>> Could you please let me know that those are
>> the right ones or if there are more commits
>> to be included?
>>
> That's them.  You can cross-check against the equivalent patch for OpenBSD
> -stable:
> https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/016_sshd.patch.sig

Thank you for confirmation, Darren.

Jan



More information about the openssh-unix-dev mailing list