https://bugzilla.mindrot.org/show_bug.cgi?id=3005
Damien Miller <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #5 from Damien Miller <[email protected]> --- The most recent patch still introduces OpenSSL ASN.1 parsing in the pre-authentication signature verification path. This is a huge attack surface that we're simply not prepared to accept. IMO the history of vulnerabilities that we've avoided by doing so speaks for itself. Sorry, but we won't be adopting this approach. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
