Bug#984940: CVE-2021-28041

2021-03-10 Thread Moritz Muehlenhoff
Source: openssh
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team

Hi,

The following vulnerability was published for openssh.

CVE-2021-28041[0]:
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant
| in a few less-common scenarios, such as unconstrained age

Bug#984940: CVE-2021-28041

2021-03-12 Thread Colin Watson
On Wed, Mar 10, 2021 at 05:57:52PM +0100, Moritz Muehlenhoff wrote:
> The following vulnerability was published for openssh.
>
> CVE-2021-28041[0]:
> | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant
> | in a few less-common scenarios, such as unconstrained agent-socket
> |

Bug#984940: CVE-2021-28041

2021-03-12 Thread Darren Tucker
On Sat, 13 Mar 2021 at 10:01, Colin Watson wrote:
> This patch unfortunately doesn't apply terribly cleanly to OpenSSH
> 8.4p1, [...]
> If I understand the vulnerability correctly, then it seems to me that
> the following shorter patch would fix it, and would run less risk of me
> fouling somethin

Bug#984940: CVE-2021-28041

2021-03-13 Thread Colin Watson
On Sat, Mar 13, 2021 at 02:55:48PM +1100, Darren Tucker wrote:
> On Sat, 13 Mar 2021 at 10:01, Colin Watson wrote:
> > This patch unfortunately doesn't apply terribly cleanly to OpenSSH
> > 8.4p1, [...]
> > If I understand the vulnerability correctly, then it seems to me that
> > the following sho