On Tue, Nov 18, 2025 at 04:49:26AM +0000, [email protected] wrote:
> Although Debian Buster is now under ELTS, I'd like to share a patch for
> CVE-2019-16905 in OpenSSH (1:7.9p1-10+deb10u5).
Do we actually enable this code? The CVE text reads like this should
not be the case:
| NOTE: the XMSS implementation is considered experimental in all
| released OpenSSH versions, and there is no supported way to enable it
| when building portable OpenSSH.
Bastian
--
Love sometimes expresses itself in sacrifice.
-- Kirk, "Metamorphosis", stardate 3220.3
