> No additional option is needed to change the ordering. If you want to hard-code the default then use the existing HostKeyAlgorithms option.
> Between b3855ff and the more recent change to enable UpdateHostKeys, most users should soon receive the default ordering anyway.
I don't know if this means, that it will not be fixed. It sounds, that there are already some fixes integrated.
But why was the CVE updated to the latest version?
I have tested 8.6 on my machine, and the described exploit still works :-(
Perhaps it is fixed in the next release?
> No additional option is needed to change the ordering. If you want to hard-code the default then use the existing HostKeyAlgorithms option.
> Between b3855ff and the more recent change to enable UpdateHostKeys, most users should soon receive the default ordering anyway.
I don't know if this means, that it will not be fixed. It sounds, that there are already some fixes integrated.
But why was the CVE updated to the latest version?
I have tested 8.6 on my machine, and the described exploit still works :-(
Perhaps it is fixed in the next release?