Mailing List Archive

Commits for CVE-2021-41617
Hi guys,

I am now in process of preparing patch for OpenSSH 8.4p1
to address CVE-2021-41617 (fixed in OpenSSH 8.8p1),
but it is not quite clear to me which particular
commits are relevant.

So far I have identified following ones:

https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde

Could you please let me know that those are
the right ones or if there are more commits
to be included?

Thank you,
Jan Damborsky

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Commits for CVE-2021-41617 [ In reply to ]
On Thu, 30 Sept 2021 at 16:37, Jan Damborsky <dambi@tio.cz> wrote:

> I am now in process of preparing patch for OpenSSH 8.4p1
> to address CVE-2021-41617 (fixed in OpenSSH 8.8p1),
> but it is not quite clear to me which particular
> commits are relevant.
>
> So far I have identified following ones:
>
>
> https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
>
> https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
>
> Could you please let me know that those are
> the right ones or if there are more commits
> to be included?
>

That's them. You can cross-check against the equivalent patch for OpenBSD
-stable:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/016_sshd.patch.sig

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Commits for CVE-2021-41617 [ In reply to ]
On 30. 09. 21 8:56, Darren Tucker wrote:
> On Thu, 30 Sept 2021 at 16:37, Jan Damborsky <dambi@tio.cz> wrote:
>
>> I am now in process of preparing patch for OpenSSH 8.4p1
>> to address CVE-2021-41617 (fixed in OpenSSH 8.8p1),
>> but it is not quite clear to me which particular
>> commits are relevant.
>>
>> So far I have identified following ones:
>>
>>
>> https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
>>
>> https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
>>
>> Could you please let me know that those are
>> the right ones or if there are more commits
>> to be included?
>>
> That's them. You can cross-check against the equivalent patch for OpenBSD
> -stable:
> https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/016_sshd.patch.sig

Thank you for confirmation, Darren.

Jan

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev