thr3ads.net - openssh unix dev - OpenSSH 6.6 (env vars) [Mar 2014]

If this information is useful, please help other people find it:
Share via:

mancha

2014-Mar-19 19:41 UTC

OpenSSH 6.6 (env vars)

Hello.

For the purposes of backporting, can you please confirm the relevant 
change for the environment variable security fix in 6.6 is:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271

FYI, not sure if the request originated with OpenBSD/OpenSSH but this
has been assigned CVE-2014-2532.

Thanks.

--mancha

Damien Miller

2014-Mar-20 03:25 UTC

head link

OpenSSH 6.6 (env vars)

On Wed, 19 Mar 2014, mancha wrote:
> Hello.
> 
> For the purposes of backporting, can you please confirm the relevant 
> change for the environment variable security fix in 6.6 is:
> 
>
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271
Only the first chunk of the diff is strictly needed, the rest is hygiene.
> FYI, not sure if the request originated with OpenBSD/OpenSSH but this
> has been assigned CVE-2014-2532.
Sigh, another inaccurate OpenSSH CVE. "Authentication: Not required to
exploit",

-d

Reasonably Related Threads

Search for more seemingly similar threads

openssh unix dev - Mar 2014 - OpenSSH 6.6 (env vars)

OpenSSH 6.6 (env vars)

OpenSSH 6.6 (env vars)

Reasonably Related Threads