[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE-2023-6918: removal of unused evp functions & types


Hello,

Thank you again for the information in January regarding backporting the
fix for CVE-2023-48795 to older libssh.  I am now working to backport
the fix for CVE-2023-6918, and have a quick question.
There is a commit labelled

    CVE-2023-6918: Remove unused evp functions and types

but this is non-trivial to backport because the functions are not unused
in the older libssh.  My question is, is there a security concern with
these functions, or was this commit just tidying up?

I'm asking because the commit message is prefixed with the CVE number,
which makes me think it might be significant for the vulnerability.

Thanks!

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature


Follow-Ups:
Re: CVE-2023-6918: removal of unused evp functions & typesJakub Jelen <jjelen@xxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org