Okay the issue seems to be localized in the OpenSSH package, the commit in question was introduced with the fixes for bug 962313 for CVE-2016-1908