https://bugzilla.mindrot.org/show_bug.cgi?id=2207
Damien Miller <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] Severity|security |trivial --- Comment #1 from Damien Miller <[email protected]> --- We don't normally mark crashers as security bugs unless they take down the master sshd process. That being said, there is no NULL dereference here anyway. See the "kdfname == NULL" You are right about the logic error in testing the KDF name, but the impact of this is failure to read keys that have a KDF that is other than 'bcrypt' or 'none', which we would not be able to do anyway. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
