On 30 November 2012 22:41, Scott Garman <[email protected]> wrote:
> The second link you referenced above explains that the vulnerability exists
> in versions prior to openssh 5.8p2, and yet your patch was submitted against
> openssh 6.0p1. So it seems that this would not apply. Or am I
> misunderstanding the nature of the bug?
Prior to 5.8p2 *and* not Linux:
2. Affected configurations
Portable OpenSSH prior to version 5.8p2 only on platforms
that are configured to use ssh-rand-helper for entropy
collection.
ssh-rand-helper is enabled at configure time when it is
detected that OpenSSL does not have a built-in source of
randomness, and only used at runtime if this condition
remains. Platforms that support /dev/random or otherwise
configure OpenSSL with a random number provider are not
vulnerable.
In particular, *BSD, OS X, Cygwin and Linux are not
affected.
Ross
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
