CVE-2023-6918: removal of unused evp functions & types

To: libssh@libssh.org
Cc: debian-lts@lists.debian.org, Jakub Jelen <jjelen@redhat.com>
Subject: CVE-2023-6918: removal of unused evp functions & types
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Sun, 25 Feb 2024 13:17:33 +0800
Message-id: <[🔎] 875xydruky.fsf@melete.silentflame.com>

Hello,

Thank you again for the information in January regarding backporting the
fix for CVE-2023-48795 to older libssh.  I am now working to backport
the fix for CVE-2023-6918, and have a quick question.
There is a commit labelled

    CVE-2023-6918: Remove unused evp functions and types

but this is non-trivial to backport because the functions are not unused
in the older libssh.  My question is, is there a security concern with
these functions, or was this commit just tidying up?

I'm asking because the commit message is prefixed with the CVE number,
which makes me think it might be significant for the vulnerability.

Thanks!

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: CVE-2023-6918: removal of unused evp functions & types
  - From: Jakub Jelen <jjelen@redhat.com>

Prev by Date: Re: armhf builds failing for thunderbird/1:115.8.0-1~deb10u1
Next by Date: Re: CVE-2023-6918: removal of unused evp functions & types
Previous by thread: Re: armhf builds failing for thunderbird/1:115.8.0-1~deb10u1
Next by thread: Re: CVE-2023-6918: removal of unused evp functions & types
Index(es):
- Date
- Thread