Hi Santiago, On Wed, Sep 18, 2024 at 09:06:14AM -0300, Santiago Ruano Rincón wrote: > El 23/02/24 a las 13:32, Colin Watson escribió: > > On Fri, Feb 23, 2024 at 12:40:41PM +0000, P Tamil Selvam wrote: > > > Pls. let us know the ETA by when openssh issue will be fixed in bookworm > > > release ? > > > > No fix exists anywhere to my knowledge, so there is currently no ETA. > > The right place to ask about a fix would be upstream. > > Upstream seems to be clear about not going to providing any patch for > this: https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1
Yes at least holding this still up to now. In fact for the security-tracker we have marked the issue as unimportant and added the following note: | https://arxiv.org/abs/2309.02545 | Upstream does not consider CVE-2023-51767 a bug underlying in OpenSSH and | does not intent to address it in OpenSSH. To todays knowledge (2024-03-13) | it has not been demonstrated that the issue is exploitable in any real | software configuration. Regards, Salvatore