mailing list archives
TL;DR anyone shipping OpenSSH portable 5.4 and 5.5 is vulnerable and needs to fix this.
This may also affect OpenSSH 5.4/5.5 (non portable) which I'll test when I get home.
Confirmed the code is basically identical, didn't actually run them to
test (since it's been fixed in OpenBSD for quite some time now).
Kurt Seifried Red Hat Security Response Team (SRT)