Re: matrixssl

To: Guido Günther <agx@sigxcpu.org>, Ola Lundqvist <ola@inguza.com>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: matrixssl
From: Brian May <bam@debian.org>
Date: Thu, 01 Sep 2016 17:41:19 +1000
Message-id: <[🔎] 87oa48qd7k.fsf@prune.linuxpenguins.xyz>
In-reply-to: <20160823184619.ligohblvpi5wxsiu@bogon.m.sigxcpu.org>
References: <CABY6=0m6hkH3FpnADKyD+2kaAEUZYpPx5gkVBWeNfj4y1_SYUw@mail.gmail.com> <87a8gj8yuk.fsf@prune.linuxpenguins.xyz> <20160811183508.GA25886@bogon.m.sigxcpu.org> <87d1l76did.fsf@prune.linuxpenguins.xyz> <20160818052455.kybgoxuauzietal2@bogon.m.sigxcpu.org> <20160819144920.7eyncqm2kfzjndl7@bogon.m.sigxcpu.org> <87a8g544ue.fsf@prune.linuxpenguins.xyz> <8760qt43tm.fsf@prune.linuxpenguins.xyz> <20160823052256.ysety37mygjxxovu@bogon.m.sigxcpu.org> <CABY6=0=XPkeD5aeczFcWaiZJHRnMiKSckb2xrFat3X2j+1VoZg@mail.gmail.com> <20160823184619.ligohblvpi5wxsiu@bogon.m.sigxcpu.org>

Guido Günther <agx@sigxcpu.org> writes:

> There are exploits mentioned in the paper. I think we should test them
> before releasing a DLA.

What paper are you referring to here?

There is the blog post here:

https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html

However I don't see any exploits mentioned.

Maybe you know of some other document?
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: matrixssl
  - From: Guido Günther <agx@sigxcpu.org>

Next by Date: Re: August Report
Next by thread: Re: matrixssl
Index(es):
- Date
- Thread