Hello, Thank you again for the information in January regarding backporting the fix for CVE-2023-48795 to older libssh. I am now working to backport the fix for CVE-2023-6918, and have a quick question. There is a commit labelled CVE-2023-6918: Remove unused evp functions and types but this is non-trivial to backport because the functions are not unused in the older libssh. My question is, is there a security concern with these functions, or was this commit just tidying up? I'm asking because the commit message is prefixed with the CVE number, which makes me think it might be significant for the vulnerability. Thanks! -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature