|
|
|
|
|
|
by garrettr_
2803 days ago
|
|
|
As pronoiac has already said, libssh != OpenSSH, which is far more widely used. According to the footer on https://www.libssh.org/, projects using LibSSH include KDE's sftp implementation, X2Go, and... GitHub: "GitHub uses libssh in production to power its git SSH infrastructure, serving millions of requests daily." If the footer text is still accurate, that's probably the most concerning potential issue with this vuln, although it's also possible GitHub has mitigated this risk in other ways. It would be nice to see GitHub publish something about this, one way or the other. Update: they recently tweeted confirming they were not at risk, https://twitter.com/GitHubSecurity/status/105231733337972326... |
|
|