On Fri, Jul 21, 2023 at 4:37?AM Dmitry Belyavskiy <dbelyavs at redhat.com>
wrote:>
> On Thu, Jul 20, 2023 at 3:53?AM Damien Miller <djm at mindrot.org>
wrote:
> >
> >
> >
> > On Wed, 19 Jul 2023, Dmitry Belyavskiy wrote:
> >
> > > Dear Damien,
> > >
> > > Could you please clarify which versions are vulnerable?
> >
> > OpenSSH 5.5 through 9.3p1 inclusive
>
> Many thanks for the clarification!
I took a shot at it for RHEL 9. Red Hat and Fedora apply dozens of
tuning patches on top of OpenSSH. I think I'll wait for Fedora to have
a working version to try to port it to RHEL.