[Bug 1313865] Re: Bad bignum encoding for curve25519-sha256 at libssh.org

Wed Apr 30 16:22:20 UTC 2014

*** This bug is a duplicate of bug 1310781 ***
    https://bugs.launchpad.net/bugs/1310781

I missed the earlier report.

I went from memory on the package version number; ssh -V reports 6.6.1p1
but as you found dpkg says 1:6.6p1-4.

I hope that helps the case for getting it into trusty.

That is the correct patch from deb’s package.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1313865

Title:
  Bad bignum encoding for curve25519-sha256 at libssh.org

Status in “openssh” package in Ubuntu:
  Triaged

Bug description:
  A patch for 6.6p1 was posted on the openssh list fixing a bug in the
  25519 negotiation and changing the reported version to 6.6.1p1.

  Future versions of openssh, version 6.6.1p1 itself, and other ssh
  software, such as libssh, will refuse to speak 25519 to anything which
  identifies itself as openssh 6.6p1or 6.5p1.

  The patch was posted for the express purpose of providing an easy
  update for 6.6p1 to avoid this bug.

  Debian has updated sid to 6.6.1p1, and that should copy over to jessie
  soon.  You can see their git for the details.

  Both utopic and trusty should get this update quickly.  And in trusty
  itself, not just -updates or -backports; notwithstanding the edit to
  the reported version it is a bug fix for 6.6p1.

  Any backports or updates repos which have 6.6p1 also should get the
  update to 6.6.1p1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1313865/+subscriptions