Chilkat would not be vulnerable to this flaw would it ?
(Havent come across a "roaming" feature in the documentation, but on the other hand I havent exactly been looking for it either.)
Chilkat's not vulnerable for two reasons:
1) Chilkat does not use OpenSSH, nor was Chilkat's SSH implementation developed using OpenSSH as a reference. The Chilkat SSH implementation was developed straight from the RFC specifications.
2) The vulnerability had to do with OpenSSH using experimental features to resume SSH sessions. Chilkat has never implemented this feature.