[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVE-2023-6918: removal of unused evp functions & types
[Thread Prev] | [Thread Next]
- Subject: CVE-2023-6918: removal of unused evp functions & types
- From: Sean Whitton <spwhitton@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sun, 25 Feb 2024 13:17:33 +0800
- To: libssh@xxxxxxxxxx
- Cc: debian-lts@xxxxxxxxxxxxxxxx, Jakub Jelen <jjelen@xxxxxxxxxx>
Hello,
Thank you again for the information in January regarding backporting the
fix for CVE-2023-48795 to older libssh. I am now working to backport
the fix for CVE-2023-6918, and have a quick question.
There is a commit labelled
CVE-2023-6918: Remove unused evp functions and types
but this is non-trivial to backport because the functions are not unused
in the older libssh. My question is, is there a security concern with
these functions, or was this commit just tidying up?
I'm asking because the commit message is prefixed with the CVE number,
which makes me think it might be significant for the vulnerability.
Thanks!
--
Sean Whitton
Attachment:
signature.asc
Description: PGP signature
| Re: CVE-2023-6918: removal of unused evp functions & types | Jakub Jelen <jjelen@xxxxxxxxxx> |