https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Jakub Jelen <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #6 from Jakub Jelen <[email protected]> --- ping. Is there any update on this? To my understanding and testing, the patch provided by Petr does NOT expose the linked CVE, because the attack really depends on the ignoring EADDRINUSE errno, which was the problem of implementation before OpenSSH 5.0 but not of this patch. I believe that it is not a priority for you, but on some systems with disabled IPv6 this issue is pretty annoying. I can see in this bug that there are at least three people who believe it is a bug and that this patch is solving the problem without introducing any regression in security. So is there any chance to have this patch reviewed/accepted? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
