Re: matrixssl
- To: Guido Günther <agx@sigxcpu.org>, Ola Lundqvist <ola@inguza.com>
- Cc: Debian LTS <debian-lts@lists.debian.org>
- Subject: Re: matrixssl
- From: Brian May <bam@debian.org>
- Date: Thu, 01 Sep 2016 17:41:19 +1000
- Message-id: <[🔎] 87oa48qd7k.fsf@prune.linuxpenguins.xyz>
- In-reply-to: <20160823184619.ligohblvpi5wxsiu@bogon.m.sigxcpu.org>
- References: <CABY6=0m6hkH3FpnADKyD+2kaAEUZYpPx5gkVBWeNfj4y1_SYUw@mail.gmail.com> <87a8gj8yuk.fsf@prune.linuxpenguins.xyz> <20160811183508.GA25886@bogon.m.sigxcpu.org> <87d1l76did.fsf@prune.linuxpenguins.xyz> <20160818052455.kybgoxuauzietal2@bogon.m.sigxcpu.org> <20160819144920.7eyncqm2kfzjndl7@bogon.m.sigxcpu.org> <87a8g544ue.fsf@prune.linuxpenguins.xyz> <8760qt43tm.fsf@prune.linuxpenguins.xyz> <20160823052256.ysety37mygjxxovu@bogon.m.sigxcpu.org> <CABY6=0=XPkeD5aeczFcWaiZJHRnMiKSckb2xrFat3X2j+1VoZg@mail.gmail.com> <20160823184619.ligohblvpi5wxsiu@bogon.m.sigxcpu.org>
Guido Günther <agx@sigxcpu.org> writes:
> There are exploits mentioned in the paper. I think we should test them
> before releasing a DLA.
What paper are you referring to here?
There is the blog post here:
https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
However I don't see any exploits mentioned.
Maybe you know of some other document?
--
Brian May <bam@debian.org>
Reply to: